Due to a misconfiguration in a company web server on Monday, Municipal Bond Insurance Association, the nation’s largest bond insurer, exposed countless customer account numbers, balances and other sensitive data, an article in KrebsOnSecurity said.
Notified about the breach, the company quickly disabled the vulnerable site —mbiaweb.com. This Web property contained customer data from Cutwater Asset Management, a fixed-income unit of MBIA that is slated to be acquired by BNY Mellon Corp.
“We have been notified that certain information related to clients of MBIA’s asset management subsidiary, Cutwater Asset Management, may have been illegally accessed,” MBIA spokesperson Kevin Brown said in a statement to HousingWire. “We are conducting a thorough investigation and will take all measures necessary to protect our customers’ data, secure our systems, and preserve evidence for law enforcement.”
The article explained that Bryan Seely, an independent security expert with Seely Security, discovered the exposed data using a search engine.
“Malicious hackers finding dozens of universities or companies with Social Security numbers, health data or other information is devastating, but stumbling on bank accounts and the instructions for how to empty them is potentially catastrophic,” Seely said.
Based in Purchase, New York, MBIA’s site explained that it is a holding company whose subsidiaries provide financial guarantee insurance, fixed-income asset management, and other specialized financial services.
Last month, Home Depot (HD) confirmed the rumors that it was the victim of a massive credit card data breach, also initially reported by Krebs on Security last month. According to the company, the payment data systems for its U.S. and Canadian stores were compromised in a coordinated attack that stretches back into April.