A huge cache of financial documents scanned from paper-based mortgage and credit reports was exposed online in an alleged major security lapse at US data and analytics company Ascension.
The database, holding 24 million documents going back ten years, included mortgage agreements and repayment schedules with scores of the country's biggest banks, including Citi, HSBC, Capital One and Wells Fargo.
“This information would be a gold mine for cyber criminals who would have everything they need to steal identities, file false tax returns, get loans or credit cards,” said Bob Diachenko, the independent security researcher who first discovered the database and reported it to TechCrunch.
The data was stored without password protection enabled and was therefore visible to all-comers for a period of two weeks before it was removed from the Web.
TechCrunch traced the leaky server housing the data back to Texas-based Ascension, which, among other services in the mortgage servicing and capital markets space, converts paper documents into computer-readable files.
Ascension’s parent company, Rocktop Partners, confirmed the breach to TechCrunch but said its systems remained secure.
“On January 15, this vendor learned of a server configuration error that may have led to exposure of some mortgage-related documents,” Sandy Campbell, general counsel for Rocktop Partners, said in a statement to the publication. “The vendor immediately shut down the server in question, and we are working with third-party forensics experts to investigate the situation.”