Sign up for The Paypers newsletter Follow The Paypers on LinkedIn Follow The Paypers on Twitter Follow The Paypers on Facebook
The Paypers, paypers, Insight in payments, News, Reports, Events
Digital Identity, Security & Online Fraud

Scottrade Bank breached, exposing customers' personal information

Friday 7 April 2017 | 10:43 AM CET

Scottrade Bank has confirmed that customers’ personal information was inadvertently left open to the public, exposing 20,000 records.

The incident took place when a third-party vendor uploaded a file to a server without putting the proper security protocols in place. Chris Vickery, a cybersecurity researcher, first hinted about the breach on his Twitter feed April 1 saying he was able to download a large bank-related MSSQL database containing plaintext passwords, according to SC Magazine.

He followed up the next day saying the bank, eventually named as Scottrade, had responded to his breach notification and patched the problem.

In an official statement on the data breach, the bank blamed Genpact, one of its vendors, who pushed a file to a server containing commercial loan application information of the B2B unit that is housed within Scottrade Bank.
Answering back, the vendor confirmed that it had uploaded a data set to one of its cloud servers that did not have all security protocols in place. However, the company immediately secured that information, and traced the issue to a configuration error on their part while uploading the file.

No other Scottrade customer information was at risk, the company continued, and the breach is being investigated.

More: Link