cancel
Showing results for 
Search instead for 
Did you mean: 

Millions of bank loan and mortgage documents have leaked online

Your FICO® Scores can impact your loan interest rates, terms, approvals and more.
Established Contributor

Millions of bank loan and mortgage documents have leaked online

https://techcrunch.com/2019/01/23/financial-files/

 

"A trove of more than 24 million financial and banking documents, representing tens of thousands of loans and mortgages from some of the biggest banks in the U.S., has been found online after a server security lapse.

 

The server, running an Elasticsearch database, had more than a decade’s worth of data, containing loan and mortgage agreements, repayment schedules and other highly sensitive financial and tax documents that reveal an intimate insight into a person’s financial life.

 

But it wasn’t protected with a password, allowing anyone to access and read the massive cache of documents."

 

Ascension appears to be a 3rd-party analytics company that processes scanned loan documents for purchasers of bundled/sold loans... for many major loan originators.

 

Scanned and OCRed copies of the documents you provided as part of the mortgage application... handed from the originators, to the purchasers of the bundles, to the 3rd-party procesor, and then put in an internet-accessible, searchable, non-password protected, unencrypted database. Wonderful!

 

EQ8:843 TU8:840 EX8:850 EQ9:850 TU9:850 EX9:850 EQ5:774 TU4:791 EX2:809 - 2018-11-07
Message 1 of 6
5 REPLIES 5
Valued Contributor

Re: Millions of bank loan and mortgage documents have leaked online

You beat me to it, I was just about to post this. 

 

I think we need regulations that prevent storage of sensitive financial documents on a server that is accessible from the web because these breaches are getting out of hand. Store redacted information unless it’s an intranet only. 

 

It is scary to think how many people don’t have credit report freezes at this point. These breaches will just keep happening until there is accountability. 



Scores 1/2019:
Scores 4/2019:

Hover over my cards to see my limits!
Goal: Garden... and garden... and garden.
Message 2 of 6
Moderator Emeritus

Re: Millions of bank loan and mortgage documents have leaked online

Would have appreciated if they'd published all the lenders specifically.

 




        
Message 3 of 6
Frequent Contributor

Re: Millions of bank loan and mortgage documents have leaked online

There's an update to this story: https://techcrunch.com/2019/01/24/mortgage-loan-leak-gets-worse/

 

Two things I notice a lot when reading reports of these security breaches: 'startup' and 'Amazon S3' or AWS.

 

"...the company said that one of its vendors, OpticsML, a New York-based document management startup, had mishandled the data and was to blame for the data leak."

"Diachenko found the second trove of data in a separate exposed Amazon S3 storage server, which too was not protected with a password."

 

I always imagine a group of 'brogrammers' just out of college who recently learned Python who get some idea and funding to disrupt (i.e., provide cheaply) some service industry. I have access to some corporate servers that don't even have terribly sensitive data, yet require me to take quite a few security steps to login remotely: 1) VPN with digital card based auth token 2) Secondary confirmation of GPS location 3) If I make a mistake typing in a password, I am immediately locked out, the on-call IT security person gets a page, SMS notification, and I get a phone call from a very sleepy person.

 

But our financial records? Oh, no big deal, just open it up to the world wide web and use the default 3-try lockout.

 

 

 

Lowly turtle of the myFICO community.Bank-Issued Mastercard $2,000Bank-Issued Visa $6,500In the lab until January 2020

Message 4 of 6
Super Contributor

Re: Millions of bank loan and mortgage documents have leaked online


@Saeren wrote:

You beat me to it, I was just about to post this. 

 

I think we need regulations that prevent storage of sensitive financial documents on a server that is accessible from the web because these breaches are getting out of hand. Store redacted information unless it’s an intranet only. 

 

It is scary to think how many people don’t have credit report freezes at this point. These breaches will just keep happening until there is accountability. 


Your expressed point of view hits it right on the head. So much of what seems to be leaked does not need to be accessed by outside everyday Joe's! Build a separate false front landing page with the required info but not allow a direct connection from the outside. Found out that is how my Health Insurance provider handles it. I cannot really get at the "Core" and I had figured it was realtime on line but not true.

Starting Score: 000 Fico
Current Score: 850 Fico EX08EQ08TU08
Goal Score: 850


Take the myFICO Fitness Challenge
Message 5 of 6
Frequent Contributor

Re: Millions of bank loan and mortgage documents have leaked online

This part is what screams negligence:

 

In a note to TechCrunch, Diachenko said he was “very surprised” to find the server in the first place, let alone open and accessible. Because Amazon storage servers are private by default and aren’t accessible to the web, someone would have made a conscious decision to set its permissions to public.

 

 

.



Message 6 of 6