In January, Ascension’s server suffered a security lapse that allowed information on 24 million bank, mortgage and other loans to be accessed online. The server contained decades worth of data, but was not password protected. The lack of security allowed anyone to access the files.
Exposed records on the database contained personally identifiable information, including names, addresses, Social Security numbers, and even the reasons the loans were requested.
Cybersecurity researcher Bob Diachenko, who discovered the breach, commented: “This information would be a gold mine for cybercriminals who would have everything they need to steal identities, file false tax returns, get loans or credit cards.”
Sandy Campbell, general counsel for Rocktop Partners, Ascension’s parent company said: “On January 15, this vendor learned of a server configuration error that may have led to exposure of some mortgage-related documents. The vendor immediately shut down the server in question, and we are working with third-party forensics experts to investigate the situation. We are also in regular contact with law enforcement investigators and technology partners as this investigation proceeds.”
The banks working with the vendor are taking the normal course of action – notifying customers, law enforcement and launching internal investigations. Such actions have been all too common in recent months, as data breaches continue to occur.
Protecting your data
Although there is no foolproof solution to protect your data, IT Governance USA can work with your organization to meet its ISO 27001, EU GDPR (General Data Protection Regulation), PCI DSS (Payment Card Industry Data Security Standard), and penetration testing requirements.
Our comprehensive range of products and services, combined with flexible and cost-effective delivery options, provide a unique, integrated alternative to the traditional consultancy firm, publishing house, penetration tester, or training provider. We pride ourselves on our international customer base, and deliver a broad range of integrated, high-quality solutions globally, while meeting the real-world needs of today’s organizations, directors, and practitioners.
Contact us on 1-877-317-3454 or email firstname.lastname@example.org for more information or to discuss your requirements. Follow us on Facebook, LinkedIn, and Twitter to stay up to date on our products and services and the latest cybersecurity news.