More than 24 million financial and banking documents related to mortgages and other consumer loans were leaked online due to a server security lapse.
According to a report by TechCrunch, the server was running an Elasticsearch database and stored more than a decade of data from some of the nation’s largest banks. The data in question included confidential loan and mortgage contracts and sensitive personal information on borrowers.
The information was not password protected, leaving it openly exposed for at least two weeks. The server was shut down on January 15, after independent security researcher Bob Diachenko discovered the breach. The leak was traced back to Ascension, a Fort Worth, Texas-based data and analytics company serving the financial services industry. The data belonged to Citigroup’s now-defunct CitiFinancial subsidiary, HSBC Life Insurance, Wells Fargo, Capital One and federal agencies including the Department of Housing and Urban Development.
Sandy Campbell, General Counsel at Ascension’s parent company Rocktop Partners, confirmed the breach.
“On Jan. 15, this vendor learned of a server configuration error that may have led to exposure of some mortgage-related documents,” he said in a statement. “The vendor immediately shut down the server in question, and we are working with third-party forensics experts to investigate the situation. We are also in regular contact with law enforcement investigators and technology partners as this investigation proceeds.”