SECURITY
SECURITY
SECURITY
24M financial records found online in latest Elasticsearch database exposure
Some 24 million financial and banking documents have been exposed online by a financial company in yet another case of a misconfigured database.
The leak involves Ascension, a data and analytics company for the financial industry based in Fort Worth, Texas, according to TechCrunch. Discovered by security researcher Bob Diachenko and published today, the misconfigured Elasticsearch database at the company left more than a decade’s worth of credit and mortgage records exposed.
The data included names, addresses, birth dates, Social Security numbers and bank and checking account numbers, as well as details of loan agreements that include sensitive financial information, such as why the person is requesting the loan. Documents relating to various major banks and financial institutions were also found on the database, including the CitiFinancial company.
It’s not clear how many people may have been affected by the data breach or even whether the data was accessed by malicious actors. Once informed of the data exposure by Diachenko, Ascension quickly secured the database on Jan. 15.
Ruchika Mishra, director of products and solutions at Balbix Inc., told SiliconANGLE that a malicious actor could level significant damage against individuals affected by this breach.
“Actions could range from identity theft, filing false tax returns, applying for loans or credit cards in a victim’s name — the list goes on,” she said. “This exposure is another unfortunate example of a lack of authentication on an Elasticsearch server leading to a massive data leak.”
Mishra added that organizations face the hefty task of continuously monitoring all assets and more than 200 potential attack vectors to detect vulnerabilities.
“Through this process, companies are likely to detect thousands of vulnerabilities—far too many to tackle all at once,” she said. “The key to preventing a breach as devastating as Ascension’s is to leverage security tools that employ artificial intelligence and machine learning that analyze the tens of thousands of data signals to prioritize which vulnerabilities to fix first.”
Photo: M.O. Stevens/Wikimedia Commons
A message from John Furrier, co-founder of SiliconANGLE:
Support our mission to keep content open and free by engaging with theCUBE community. Join theCUBE’s Alumni Trust Network, where technology leaders connect, share intelligence and create opportunities.
- 15M+ viewers of theCUBE videos, powering conversations across AI, cloud, cybersecurity and more
- 11.4k+ theCUBE alumni — Connect with more than 11,400 tech and business leaders shaping the future through a unique trusted-based network.
About SiliconANGLE Media
SiliconANGLE Media is a recognized leader in digital media innovation, uniting breakthrough technology, strategic insights and real-time audience engagement. As the parent company of SiliconANGLE, theCUBE Network, theCUBE Research, CUBE365, theCUBE AI and theCUBE SuperStudios — with flagship locations in Silicon Valley and the New York Stock Exchange — SiliconANGLE Media operates at the intersection of media, technology and AI.
Founded by tech visionaries John Furrier and Dave Vellante, SiliconANGLE Media has built a dynamic ecosystem of industry-leading digital media brands that reach 15+ million elite tech professionals. Our new proprietary theCUBE AI Video Cloud is breaking ground in audience interaction, leveraging theCUBEai.com neural network to help technology companies make data-driven decisions and stay at the forefront of industry conversations.
