
Scottrade Bank admits a data breach that potentially exposed 20,000 customers’ records


Scottrade Bank confirmed that a technical incident has exposed 20,000 customer records. A 60GB MSSQL database was accidentally left open online.

It is official: Scottrade Bank suffered a data breach that affected thousands of its customers.

Online brokerage Scottrade has admitted a data breach that exposed sensitive loan applications from roughly 20,000 customers.


The incident occurred when IT services company Genpact uploaded the sensitive data to an Amazon-hosted server. Unfortunately, the company did not secure the archive, leaving it exposed online.

The incident was discovered by the popular security expert Chris Vickery, who is well known for having discovered many other databases left online without protection. Vickery found the archive and downloaded the 158.9GB Microsoft SQL database, then decided to report the issue to Scottrade.

According to Vickery, the archive contains account passwords in plain text; the exposed records include names, addresses and Social Security numbers.

Scottrade promptly started an investigation and discovered the root cause of the incident: a Genpact employee had not properly configured the SQL server.

“On April 2, Genpact, a third party vendor, confirmed that it had uploaded a data set to one of its cloud servers that did not have all security protocols in place. As a result, the data was not fully secured for a period of time. The file contained commercial loan application information of a small B2B unit within Scottrade Bank, including non-public information of as many as 20,000 individuals and businesses.” reads the official statement issued by Scottrade. “Upon being alerted to the issue, Genpact immediately secured that information, and traced the issue to a configuration error on their part while uploading the file.”

The archive was taken offline immediately after the breach notification.

The service provider Genpact is investigating the incident to determine which data have been exposed.

“Genpact is undertaking an extensive analysis of the log files and the environment to determine to what extent the data may have been accessed. It has engaged a leading forensics firm to assist in the analysis.” continues the statement.

Genpact and Scottrade confirmed that the incident wasn’t caused by a cyber attack against the internal servers of either company.

Scottrade has already suffered a data breach in the past: in October 2015, an incident exposed the personal information of 4.6 million customers.


Pierluigi Paganini

(Security Affairs – Scottrade , data breach)