The incident took place when a third-party vendor uploaded a file to a server without putting the proper security protocols in place. Chris Vickery, a cybersecurity researcher, first hinted about the breach on his Twitter feed April 1 saying he was able to download a large bank-related MSSQL database containing plaintext passwords, according to SC Magazine.
He followed up the next day saying the bank, eventually named as Scottrade, had responded to his breach notification and patched the problem.
In an official statement on the data breach, the bank blamed Genpact, one of its vendors, who pushed a file to a server containing commercial loan application information of the B2B unit that is housed within Scottrade Bank. Answering back, the vendor confirmed that it had uploaded a data set to one of its cloud servers that did not have all security protocols in place. However, the company immediately secured that information, and traced the issue to a configuration error on their part while uploading the file.
No other Scottrade customer information was at risk, the company continued, and the breach is being investigated.
Every day we send out a free e-mail with the most important headlines of the last 24 hours.
Subscribe now