FinTechMortgage

Millions of sensitive mortgage documents exposed in massive data breach

TechCrunch reports on exposure of 10 years of mortgage documents

Millions of sensitive mortgage documents were left exposed on the internet for two weeks in a massive data breach that could affect an unknown number of people.

The details of the data breach come courtesy of TechCrunch, which reported Wednesday that more than 24 million mortgage and banking documents were found online in an unprotected database.

According to the report, the server “had more than a decade’s worth of data, containing loan and mortgage agreements, repayment schedules and other highly sensitive financial and tax documents that reveal an intimate insight into a person’s financial life.”

But the server and all of its information was left unprotected for at least two weeks.

From the TechCrunch report:

It’s believed that the database was only exposed for two weeks — but long enough for independent security researcher Bob Diachenko to find the data. At first glance, it wasn’t immediately known who owned the data. After we inquired with several banks whose customers information was found on the server, the database was shut down on January 15.

According to the report, the database contained mortgage and financial documents stretching back to at least 2008, and included documents from Citigroup, Wells Fargo, Capital One, and the Department of Housing and Urban Development, among others.

And worst of all, the documents contained highly sensitive personal information, including people’s names, addresses, dates of birth, Social Security numbers, and other sensitive information typically found on mortgage documents.

According to the article, the breach was sourced back to Ascension, a Fort Worth, Texas-based company that provides data and analytics to the financial services industry.

The exposed data appears to have come from documents Ascension processed using OCR, a computer process that converts paper documents into electronic documents.

Again from TechCrunch:

Sandy Campbell, general counsel at Ascension’s parent company, Rocktop Partners, which owns more than 46,000 loans worth $4.4 billion, confirmed the security incident to TechCrunch.

“On January 15, this vendor learned of a server configuration error that may have led to exposure of some mortgage-related documents,” he said in a statement. “The vendor immediately shut down the server in question, and we are working with third-party forensics experts to investigate the situation. We are also in regular contact with law enforcement investigators and technology partners as this investigation proceeds.”

According to the article, the company plans to notify all affected consumers as well as appropriate law enforcement authorities.

For much more on the story, click here to read TechCrunch’s article.

About the Author

Most Popular Articles

Freddie Mac: Mortgage rates reverse course from last week’s low

This week, the average U.S. fixed rate for a 30-year mortgage jumped to 3.69%. That’s still more than a percentage point lower than the 4.85% of the year-earlier week.

Oct 17, 2019 By

Latest Articles

Will Supreme Court decision threaten CFPB independence?

Friday, the Supreme Court agreed to hear the case to determine the constitutionality of the leadership of the Consumer Financial Protection Bureau. Various groups are torn on the hearing, with some saying a committee to head the bureau will keep it more accountable and others saying a ruling against the current structure could threaten the CFPB’s independence.

Oct 21, 2019 By