FintechMortgage

Millions of sensitive mortgage documents exposed in massive data breach

TechCrunch reports on exposure of 10 years of mortgage documents

Millions of sensitive mortgage documents were left exposed on the internet for two weeks in a massive data breach that could affect an unknown number of people.

The details of the data breach come courtesy of TechCrunch, which reported Wednesday that more than 24 million mortgage and banking documents were found online in an unprotected database.

According to the report, the server “had more than a decade’s worth of data, containing loan and mortgage agreements, repayment schedules and other highly sensitive financial and tax documents that reveal an intimate insight into a person’s financial life.”

But the server and all of its information was left unprotected for at least two weeks.

From the TechCrunch report:

It’s believed that the database was only exposed for two weeks — but long enough for independent security researcher Bob Diachenko to find the data. At first glance, it wasn’t immediately known who owned the data. After we inquired with several banks whose customers information was found on the server, the database was shut down on January 15.

According to the report, the database contained mortgage and financial documents stretching back to at least 2008, and included documents from Citigroup, Wells Fargo, Capital One, and the Department of Housing and Urban Development, among others.

And worst of all, the documents contained highly sensitive personal information, including people’s names, addresses, dates of birth, Social Security numbers, and other sensitive information typically found on mortgage documents.

According to the article, the breach was sourced back to Ascension, a Fort Worth, Texas-based company that provides data and analytics to the financial services industry.

The exposed data appears to have come from documents Ascension processed using OCR, a computer process that converts paper documents into electronic documents.

Again from TechCrunch:

Sandy Campbell, general counsel at Ascension’s parent company, Rocktop Partners, which owns more than 46,000 loans worth $4.4 billion, confirmed the security incident to TechCrunch.

“On January 15, this vendor learned of a server configuration error that may have led to exposure of some mortgage-related documents,” he said in a statement. “The vendor immediately shut down the server in question, and we are working with third-party forensics experts to investigate the situation. We are also in regular contact with law enforcement investigators and technology partners as this investigation proceeds.”

According to the article, the company plans to notify all affected consumers as well as appropriate law enforcement authorities.

For much more on the story, click here to read TechCrunch’s article.

Most Popular Articles

Airbnb properties wouldn’t make a dent in housing market

While the real estate market has lots of challenges during the COVID-19 pandemic, a tsunami of houses being sold by Airbnb hosts who can’t pay their mortgages isn’t one of them. HW+ Premium Content

Jun 02, 2020 By

Latest Articles

Here’s evidence of V-shaped recovery

This week, the “V-shaped” recovery in purchase applications is mimicked by the inverted “V-shaped” recovery of the St. Louis Stress Index. According to HousingWire Columnist Logan Mohtashami, this signals a return to a much more calm financial market.

Jun 05, 2020 By
3d rendering of a row of luxury townhouses along a street

Log In

Forgot Password?

Don't have an account? Please