FintechMortgage

Millions of sensitive mortgage documents exposed in massive data breach

TechCrunch reports on exposure of 10 years of mortgage documents

Millions of sensitive mortgage documents were left exposed on the internet for two weeks in a massive data breach that could affect an unknown number of people.

The details of the data breach come courtesy of TechCrunch, which reported Wednesday that more than 24 million mortgage and banking documents were found online in an unprotected database.

According to the report, the server “had more than a decade’s worth of data, containing loan and mortgage agreements, repayment schedules and other highly sensitive financial and tax documents that reveal an intimate insight into a person’s financial life.”

But the server and all of its information was left unprotected for at least two weeks.

From the TechCrunch report:

It’s believed that the database was only exposed for two weeks — but long enough for independent security researcher Bob Diachenko to find the data. At first glance, it wasn’t immediately known who owned the data. After we inquired with several banks whose customers information was found on the server, the database was shut down on January 15.

According to the report, the database contained mortgage and financial documents stretching back to at least 2008, and included documents from Citigroup, Wells Fargo, Capital One, and the Department of Housing and Urban Development, among others.

And worst of all, the documents contained highly sensitive personal information, including people’s names, addresses, dates of birth, Social Security numbers, and other sensitive information typically found on mortgage documents.

According to the article, the breach was sourced back to Ascension, a Fort Worth, Texas-based company that provides data and analytics to the financial services industry.

The exposed data appears to have come from documents Ascension processed using OCR, a computer process that converts paper documents into electronic documents.

Again from TechCrunch:

Sandy Campbell, general counsel at Ascension’s parent company, Rocktop Partners, which owns more than 46,000 loans worth $4.4 billion, confirmed the security incident to TechCrunch.

“On January 15, this vendor learned of a server configuration error that may have led to exposure of some mortgage-related documents,” he said in a statement. “The vendor immediately shut down the server in question, and we are working with third-party forensics experts to investigate the situation. We are also in regular contact with law enforcement investigators and technology partners as this investigation proceeds.”

According to the article, the company plans to notify all affected consumers as well as appropriate law enforcement authorities.

For much more on the story, click here to read TechCrunch’s article.

Most Popular Articles

The housing market faced uncertainty in March, but now ‘it’s a circus’

The housing market faced a lot of uncertainty when COVID-19 caused the real estate industry to pause under shut-downs, but low interest rates and the desire for more space have turned this year into a boom time for real estate agents.

Oct 21, 2020 By

Latest Articles

Lone Wolf Technologies plans to accelerate growth with investment from Stone Point Capital

Stone Point Capital has purchased Vista Equity Partners’ stake in real estate software company Lone Wolf Technologies. Stone Point will become Lone Wolf’s lead institutional investor, powering the next phase of its growth and expanding its product offering, the company said.

Oct 23, 2020 By
3d rendering of a row of luxury townhouses along a street

Log In

Forgot Password?

Don't have an account? Please