UPDATED 22:06 EDT / JANUARY 23 2019

SECURITY

24M financial records found online in latest Elasticsearch database exposure

Some 24 million financial and banking documents have been exposed online by a financial company in yet another case of a misconfigured database.

The leak involves Ascension, a data and analytics company for the financial industry based in Fort Worth, Texas, according to TechCrunch. Discovered by security researcher Bob Diachenko and published today, the misconfigured Elasticsearch database at the company left more than a decade’s worth of credit and mortgage records exposed.

The data included names, addresses, birth dates, Social Security numbers and bank and checking account numbers, as well as details of loan agreements that include sensitive financial information, such as why the person is requesting the loan. Documents relating to various major banks and financial institutions were also found on the database, including the CitiFinancial company.

It’s not clear how many people may have been affected by the data breach or even whether the data was accessed by malicious actors. Once informed of the data exposure by Diachenko, Ascension quickly secured the database on Jan. 15.

Ruchika Mishra, director of products and solutions at Balbix Inc., told SiliconANGLE that a malicious actor could level significant damage against individuals affected by this breach.

“Actions could range from identity theft, filing false tax returns, applying for loans or credit cards in a victim’s name — the list goes on,” she said. “This exposure is another unfortunate example of a lack of authentication on an Elasticsearch server leading to a massive data leak.”

Mishra added that organizations face the hefty task of continuously monitoring all assets and more than 200 potential attack vectors to detect vulnerabilities.

“Through this process, companies are likely to detect thousands of vulnerabilities—far too many to tackle all at once,” she said. “The key to preventing a breach as devastating as Ascension’s is to leverage security tools that employ artificial intelligence and machine learning that analyze the tens of thousands of data signals to prioritize which vulnerabilities to fix first.”

Photo: M.O. Stevens/Wikimedia Commons

A message from John Furrier, co-founder of SiliconANGLE:

Your vote of support is important to us and it helps us keep the content FREE.

One click below supports our mission to provide free, deep, and relevant content.  

Join our community on YouTube

Join the community that includes more than 15,000 #CubeAlumni experts, including Amazon.com CEO Andy Jassy, Dell Technologies founder and CEO Michael Dell, Intel CEO Pat Gelsinger, and many more luminaries and experts.

“TheCUBE is an important partner to the industry. You guys really are a part of our events and we really appreciate you coming and I know people appreciate the content you create as well” – Andy Jassy

THANK YOU

Cookies

We employ the use of cookies. Find out more.