Leaving the front door open: Millions of mortgage docs exposed online

Citi, Wells Fargo, and HUD among institutions affected by leak of highly sensitive info

TRD NATIONAL /
Jan.January 24, 2019 01:45 PM

(Credit: Pixabay)

A giant cache of 24 million documents from credit and mortgage reports was exposed online for about two weeks, according to a TechCrunch report posted Wednesday.

Because it was not protected with a password, the 51 GB database was available for anyone to access and read. The data included sensitive personal information used for credit checks, from social security numbers and bank accounts to W-2 forms and bankruptcy filing information.

“This information would be a gold mine for cyber criminals who would have everything they need to steal identities, file false tax returns, get loans or credit cards,” said Bob Diachenko, the independent security researcher who first discovered the database.

The documents, some dating as far back as 2008, came from major financial institutions such as Citigroup, HSBC, Wells Fargo, and CapitalOne, as well as the Department of Housing and Urban Development, which insures mortgages via the Federal Housing Administration.

Diachenko and TechCrunch traced the leak to the data and analytics company Ascension, based in Fort Worth, Texas. Among other services, Ascension converts scanned paper documents into machine-readable text, which was the kind of data stored in the compromised database.

In addition to enabling identity theft and fraud, the lack of password protection could have allowed cybercriminals to install malicious software on the database servers. A spokesperson for Ascension’s parent company, Rocktop Partners, said its systems were not impacted. The database was shut down on January 15.

Citi and Wells Fargo both said that they had no direct relationship with the company and that their data was obtained by Ascension via third parties that had purchased their loans. The HUD, currently affected by the government shutdown, was unavailable for comment.

Elasticsearch, the technology underlying the Ascension database, has been involved in several security lapses in recent months. Leaked data has included SMS messages, internship applications, and employee complaints about clients of a massage-booking service. [TechCrunch] — Kevin Sun


Related Articles

arrow_forward_ios
Eric Gordon

Eric Gordon on the evolution of the residential data game — and how to stay competitive in the new world

Eric Gordon on the evolution of the residential data game — and how to stay competitive in the new world
Big Tech locations in NYC

MAP: Here’s a look at all the Big Tech locations in NYC

MAP: Here’s a look at all the Big Tech locations in NYC
What will proptech look like in 2019 and beyond?

What will proptech look like in 2019 and beyond?

What will proptech look like in 2019 and beyond?
Gov. Andrew Cuomo has given the go-ahead to reopen schools for in-person learning statewide (Getty; iStock)

School’s back on. Will the NYC resi market follow suit?

School’s back on. Will the NYC resi market follow suit?
Dan GIlbert (Getty, iStock)

Mortgage mogul Dan Gilbert sees net worth quicken to $34B

Mortgage mogul Dan Gilbert sees net worth quicken to $34B
The rate on the 30-year mortgage fell to 2.88 percent, the lowest rate in 50 years (iStock)

30-year mortgage rate hits record low — again

30-year mortgage rate hits record low — again
With many tech companies open to long-term remote work for their employees, questions are being asked about how that will impact the office and residential markets in hubs of tech talent. (iStock)

TRD Insights: What #WFH could mean for office and resi costs in tech hubs

TRD Insights: What #WFH could mean for office and resi costs in tech hubs
New York’s real estate market is becoming two different stories: Manhattan, where deals are falling — and the suburbs, where demand is spiking. (iStock, Unsplash)

Manhattan is cold, the suburbs and Brooklyn are hot: Here’s what the resi market looked like in July

Manhattan is cold, the suburbs and Brooklyn are hot: Here’s what the resi market looked like in July
arrow_forward_ios

The Deal's newsletters give you the latest scoops, fresh headlines, marketing data, and things to know within the industry.

Loading...