It is hard to establish how many customers’ details could have been affected in the “information disclosure vulnerability” found by security researcher Kristian Erik Hermansen, according to IT Pro. However, the financial institution has over 12,000 clients across the world.
The vulnerability enabled unauthorized access to common users to info such as the customer’s email address, phone number and bank account number. Common users shouldn’t be able to view the data; a criminal could have exploited the flaw to steal information from customers.
When approached by security experts, spoksmen for Fiserv said that the company has developed a security patch within 24 hours of receiving notification and deployed the patch to clients that utilise a hosted version of the solution. The company plans to deploy the patch also to clients that utilise an in-house version of the solution.
Update, September 5, 2018: To provide context on the recent news, which related to a one-way messaging feature in a limited number of bank websites, Fiserv said that “our ongoing research and continued monitoring have not identified, and we have not received reports of, any adverse consumer impact. We promptly developed a patch to update the feature, deployed the patch to clients using the feature and completed testing to confirm the patch resolves the issue. Fiserv recognizes the importance of security and takes any security concern seriously.”
Every day we send out a free e-mail with the most important headlines of the last 24 hours.
Subscribe now