Kreditech, a Germany-based lender focused on the unbanked, has suffered a data breach that has resulted in the personal records of thousands of applicants stolen and dumped on the dark web.
On a site accessible via Tor, links have been posted to scanned passports, drivers' licenses, national IDs and credit agreements, according to security blogger Brian Krebs. A hacking collective called 'A4' claims to have posted the material after finding "hundreds of gigabytes" of Kreditech documents.
Kreditech spokesperson Anna Friedrich told Krebs that the firm did suffer a "security incident" last August, that it appears to have affected applicants, not customers, that an internal leak is suspected, and that police are investigating.
Friedrich tells Finextra: "Data affected stem from the caching system of our website - this means we are only talking about temporary data that was deleted afterwards. In the caching system only application data is temporarily saved, no data of existing customers."
She adds: "The internal system investigation were successfully completed last year. We have secure and robust security measures in place."
Kreditech practices what it calls 'algorithmic banking', using big data to make credit decisions on loans for people who might be shut out by high street providers. Last summer the company raised $40 million in series b funding and has since secured a $200 million credit line from Victory Park Capital.