Millions of bank loan and mortgage documents have leaked online

tag
iv
Valued Contributor

Millions of bank loan and mortgage documents have leaked online

https://techcrunch.com/2019/01/23/financial-files/

 

"A trove of more than 24 million financial and banking documents, representing tens of thousands of loans and mortgages from some of the biggest banks in the U.S., has been found online after a server security lapse.

 

The server, running an Elasticsearch database, had more than a decade’s worth of data, containing loan and mortgage agreements, repayment schedules and other highly sensitive financial and tax documents that reveal an intimate insight into a person’s financial life.

 

But it wasn’t protected with a password, allowing anyone to access and read the massive cache of documents."

 

Ascension appears to be a 3rd-party analytics company that processes scanned loan documents for purchasers of bundled/sold loans... for many major loan originators.

 

Scanned and OCRed copies of the documents you provided as part of the mortgage application... handed from the originators, to the purchasers of the bundles, to the 3rd-party processor, and then put in an internet-accessible, searchable, non-password protected, unencrypted database. Wonderful!

 

EQ8:850 TU8:850 EX8:850
EQ9:847 TU9:847 EX9:839
EQ5:797 TU4:807 EX2:813 - 2021-06-06
Message 1 of 6
Anonymous
Not applicable

Re: Millions of bank loan and mortgage documents have leaked online

You beat me to it, I was just about to post this. 

 

I think we need regulations that prevent storage of sensitive financial documents on a server that is accessible from the web because these breaches are getting out of hand. Store redacted information unless it’s an intranet only. 

 

It is scary to think how many people don’t have credit report freezes at this point. These breaches will just keep happening until there is accountability. 

Message 2 of 6
Revelate
Moderator Emeritus

Re: Millions of bank loan and mortgage documents have leaked online

Would have appreciated if they'd published all the lenders specifically.

 




        
Message 3 of 6
Anonymous
Not applicable

Re: Millions of bank loan and mortgage documents have leaked online

There's an update to this story: https://techcrunch.com/2019/01/24/mortgage-loan-leak-gets-worse/

 

Two things I notice a lot when reading reports of these security breaches: 'startup' and 'Amazon S3' or AWS.

 

"...the company said that one of its vendors, OpticsML, a New York-based document management startup, had mishandled the data and was to blame for the data leak."

"Diachenko found the second trove of data in a separate exposed Amazon S3 storage server, which too was not protected with a password."

 

I always imagine a group of 'brogrammers' just out of college who recently learned Python who get some idea and funding to disrupt (i.e., provide cheaply) some service industry. I have access to some corporate servers that don't even have terribly sensitive data, yet require me to take quite a few security steps to log in remotely: 1) VPN with digital card based auth token 2) Secondary confirmation of GPS location 3) If I make a mistake typing in a password, I am immediately locked out, the on-call IT security person gets a page, SMS notification, and I get a phone call from a very sleepy person.

 

But our financial records? Oh, no big deal, just open it up to the world wide web and use the default 3-try lockout.

 

 

 

Message 4 of 6
Anonymous
Not applicable

Re: Millions of bank loan and mortgage documents have leaked online


@Anonymous wrote:

You beat me to it, I was just about to post this. 

 

I think we need regulations that prevent storage of sensitive financial documents on a server that is accessible from the web because these breaches are getting out of hand. Store redacted information unless it’s an intranet only. 

 

It is scary to think how many people don’t have credit report freezes at this point. These breaches will just keep happening until there is accountability. 


Your expressed point of view hits it right on the head. So much of what seems to be leaked does not need to be accessed by outside everyday Joes! Build a separate false front landing page with the required info but not allow a direct connection from the outside. Found out that is how my Health Insurance provider handles it. I cannot really get at the "Core" and I had figured it was real-time online but not true.

Message 5 of 6
Glen_M
Frequent Contributor

Re: Millions of bank loan and mortgage documents have leaked online

This part is what screams negligence:

 

In a note to TechCrunch, Diachenko said he was “very surprised” to find the server in the first place, let alone open and accessible. Because Amazon storage servers are private by default and aren’t accessible to the web, someone would have made a conscious decision to set its permissions to public.

 

 




Message 6 of 6