A fintech security breach at Ascension, USA leaks millions of crucial financial documents
A large cache of financial documents and credit card reports were exposed online in an alleged security lapse at US data and analytics firm Ascension. 24 million documents dating back to 2008 with scores of the country’s biggest banks, including Citi, HSBC, Capital One and Wells Fargo were among the information exposed. Cybercriminals would call this a gold mine that would give them access to everything they need to steal identities, file false tax returns, and get loans, credit cards.
“On January 15, a technology vendor learned of a server configuration error that may have led to the exposure of some mortgage-related documents. The vendor immediately shut down the server in question, and we are working with financial forensics experts to investigate the situation,” said Sandy Campbell, General Counsel for Rocktop Partners, the parent company of data analytics firm Ascension.
The Elasticsearch database server hosted more than a decade’s data to reveal everything about a person’s intimate financial life. The breach took place because the server was not password protected for two long weeks exposing the data to all server visitors within those weeks.
Ascension, a data analytics firm for the global financial industry, is based in Fort Worth, Texas. The IT firm provides data analysis, portfolio valuations, document conversions, i.e. OCR. Rocktop Partners the parent company owns more than 46,000 loans worth $4.4 billion has confirmed the security lapse.
There are also speculations of another such storage server containing the original documents from the first exposed database. Campbell has assured the world that Ascension will inform all affected customers and report the incident to state regulators under data breach notification laws.
In a recent series of security lapses involving Elasticsearch databases. A massive database leaking millions of real-time SMS text message data was found and secured last year, as well as a popular message service and most recently, AISEC has been victims of data breaches in the past few months. With increasing investment in the financial technology sector, it is high time that the security and safety of this digital world are safeguarded and promoted by the leading innovators of financial technology.