Connect with us

Business

24 Million Mortgage And Bank Loan Documents Leaked Online

Editor

Published

on

A trove of more than 24 million financial and banking documents, representing tens of thousands of loans and mortgages from some of the biggest banks in the U.S., has been found online after a server security lapse.

The server, running an Elasticsearch database, had more than a decade’s worth of data, containing loan and mortgage agreements, repayment schedules and other highly sensitive financial and tax documents that reveal an intimate insight into a person’s financial life.

But it wasn’t protected with a password, allowing anyone to access and read the massive cache of documents.

It’s believed that the database was only exposed for two weeks — but long enough for independent security researcher Bob Diachenko to find the data. At first glance, it wasn’t immediately known who owned the data. After we inquired with several banks whose customers information was found on the server, the database was shut down on January 15.

With help from TechCrunch, the leak was traced back to Ascension, a data and analytics company for the financial industry, based in Fort Worth, Texas. The company provides data analysis and portfolio valuations. Among its services, the Ascension converts paper documents and handwritten notes into computer-readable files — known as OCR.

It’s that bank of converted documents that was exposed, Diachenko said in his own write-up.

Sandy Campbell, general counsel at Ascension’s parent company, Rocktop Partners, which owns more than 46,000 loans worth $4.4 billion, confirmed the security incident to TechCrunch, but said its systems were unaffected.

“On January 15, this vendor learned of a server configuration error that may have led to exposure of some mortgage-related documents,” he said in a statement. “The vendor immediately shut down the server in question, and we are working with third-party forensics experts to investigate the situation. We are also in regular contact with law enforcement investigators and technology partners as this investigation proceeds.”

An unspecified portion of the loans were shared with the contractor for analysis, the statement added, but couldn’t immediately confirm how many loan documents were exposed.

TechCrunch has learned that the vendor is New York-based company OpticsML. Efforts to reach the company were unsuccessful. Its website is offline and its phone number was disconnected from service.

In a phone call, Campbell confirmed that the company will inform all affected customers, and report the incident to state regulators under data breach notification laws.

From our review, it was clear that the documents pertain to loans and mortgages and other correspondence from several of the major financial and lending institutions dating as far back as 2008, if not longer, including CitiFinancial, a now-defunct lending finance arm of Citigroup, files from HSBC Life Insurance, Wells Fargo, CapitalOne and some U.S. federal departments, including the Department of Housing and Urban Development.

Some of the companies have long been defunct, after selling their mortgage divisions and assets to other companies.

Though not all files contained the highly sensitive and personal data points, we found: names, addresses, birth dates, Social Security numbers and bank and checking account numbers, as well as details of loan agreements that include sensitive financial information, such as why the person is requesting the loan.

Some of the documents also note if a person has filed for bankruptcy and tax documents, including annual W-2 tax forms, which are targets for scammers to claim false refunds.

But the database stored documents in a random order, and were not easily followable or presented in an easy to read or formatted way, making it difficult to follow from one document to another, said Diachenko.

We verified the authenticity of data by checking a portion of names in the database with public records.

“These documents contained highly sensitive data, such as Social Security numbers, names, phones, addresses, credit history and other details which are usually part of a mortgage or credit report,” Diachenko told TechCrunch. “This information would be a gold mine for cyber criminals who would have everything they need to steal identities, file false tax returns, get loans or credit cards.”

Although the documents originate from these financiers, one bank — Citi, which helped to secure the data — said it had no current relationship with the company.

“Citi recently became aware that a third party, with no connection to Citi, was storing certain mortgage origination and modification documents in an unsecure online environment,” said a Citi spokesperson. “These documents contained information about current or former Citi customers, as well as customers from other financial institutions. Citi notified law enforcement, initiated a thorough forensic investigation and worked quickly to ensure the information could no longer be publicly accessed.”

Citi confirmed that “third party is a vendor to a company that had purchased the loans and we have found no evidence that Citi’s systems were compromised.”

The bank added that it’s working to identify potentially affected customers.

Dozens of other companies are affected, including smaller regional banks and larger multinationals.

A Wells Fargo spokesperson said the data was obtained by Ascension from other entities that purchased Wells Fargo mortgages. HSBC said it was investigating if any of its customers’ data, including past customers, and confirmed it had “no vendor relationship with Ascension since 2010.” When reached, CapitalOne did not comment at the time of publication. A Housing and Urban Development spokesperson did not respond to a request for comment. The department is currently affected by the ongoing government shutdown. If anything changes, we’ll update.

It’s the latest in a series of security lapses involving Elasticsearch databases.

A massive database leaking millions of real-time SMS text message data was found and secured last year, as well as a popular massage service and, most recently, AIESEC, the largest youth-run nonprofit for working opportunities.

Updated at 5pm ET: with comment from HSBC and additional details regarding OpticsML.

Got a tip? You can send tips securely over Signal and WhatsApp to +1 646-755–8849. You can also send PGP email with the fingerprint: 4D0E 92F2 E36A EC51 DAAE 5D97 CB8C 15FA EB6C EEA5.

Source link

قالب وردپرس

Business

Ontario’s new automated speed enforcement explained

Editor

Published

on

By

(NC) To wage the war against speeding, many municipalities across Ontario have turned to automated speed enforcement. Most recently introduced in Toronto, speed cameras are a high-tech solution to reduce speeding and are considered one of the most effective ways to create safer roads and save lives.  

Recognizing police officers cannot catch all speeders, these cameras fill the gap, providing monitoring in specific locations around the clock. When a car’s speed is even one kilometre over the posted amount, it will take a picture of the offending vehicle’s license plate, using the captured photo as indisputable evidence. A ticket is then served to the vehicle’s owner, regardless of who was driving. 

With a focus on high-risk areas, Ontario’s automated speed enforcement cameras are located in two specific municipal areas: school and community safety zones. School zones are designated streets close to a school, featuring reduced speed limits as dictated by local bylaws. Community safety zones are high-risk corridors and intersections, subject to increased fines and penalties.  

While the Ontario Highway Traffic Act outlines the use of automated speed enforcement, municipalities can decide when and where to use cameras to curb speeding. The act does dictate financial penalties for speed violations captured with cameras, which vary depending on the number of kilometres caught over the speed limit.  

Speed enforcement is not new, but part of a broader, integrated road safety strategy that includes infrastructure improvements, awareness campaigns and new uses of technology. City officials hope for a halo effect, inspiring better driving behaviour across entire communities, not only in areas with cameras. A controversial topic, some critics take exception to speed cameras, labelling them as sneaky cash grabs for municipalities. Governments think the opposite. 

Safety advocate and auto insurance provider Onlia is hopeful that the cameras will provide drivers with a reminder to slow down, especially in high-risk areas like school and community safety zones.  

For those who obey the speed limit, automated speed enforcement shouldn’t change anything about your driving style, says Alex Kelly, Safety Ambassador at OnliaDrivers have fair warning as they approach areas with speed cameras, as mandatory signs provide reasonable notice of upcoming automated speed enforcement. Regardless of warnings, the best speed is the posted speed. 

You can start to understand your speeding style by downloading the insurance provider’s new safe driving app that coaches and rewards for you for safe driving habits.

Continue Reading

Business

Online banking: How to protect yourself from fraud

Editor

Published

on

By

(NC) Since the start of the COVID-19 crisis, a growing number of consumers are regularly using mobile and online banking to paybill payments, transfer money and make purchases.

Although these tools can give you easy access to your personal finances on demand, there are also some risks involved. For instance, your banking information—such as your debit or credit card number, user name, or personal identification number (PIN)—could be stolen. If criminals have access to your online banking information, they can steal your money, which is why it’s so important to be  vigilant when you bank online.

Follow these tips to help protect your personal and banking information:

  • For your online bank accounts, use a strong password that can’t be easily guessed, and never share your user name or password with anyone.
  • Check your accounts regularly to make sure there are no transactions you didn’t make or authorize.
  • When making online purchases, never authorize a website to save your credit card information, password or other personal information. Giving websites this permission will save you some time the next time you access the site, but it poses a real threat if a hacker manages to access your information.

Most financial institutions have policies to protect you from transactions that you didn’t make.

However, you are responsible for protecting your online and mobile banking information. If you give your details to anyone—including your spouse or partner, a family member or a friend—your financial institution may hold you responsible for any unauthorized transactions in your account, and even strip you of protection from unauthorized transactions in the future.

If you suspect your information may have been compromised, change your passwords immediately, and check your account and credit card statements for anomalies and report any suspicious transactions to your financial institution.

The Financial Consumer Agency of Canada has created resources to help you protect your online banking information.

Continue Reading

Business

Payday loans: Not the best way to borrow money

Editor

Published

on

By

(NC) Payday loans are a very expensive way to borrow money. Even if you’re struggling financially, think twice—and crunch the numbers—before getting this type of loan.

Depending on the rules in your province, payday lenders can charge fees of $15 to $25 per $100 that you borrow.

As an example, let’s say you borrow $300 for home repairs. The payday lender charges you $51 in fees, or $17 for every $100 borrowed. Your loan balance is therefore $351, which amounts to an interest rate of 442 per cent.

There can be serious consequences if you don’t repay your loan by the due date. These may include the following:

  • The payday lender may charge you a fee if there isn’t enough money in your account.
  • Your financial institution may also charge you a fee if there isn’t enough money in your account.
  • The total amount that you owe, including the fees, continues to increase.

There are better options out there

Payday loans should be your last resort to borrow money. Consider cheaper ways of borrowing money, such as:

  • Cashing in vacation days or asking for a pay advance from your employer.
  • Getting a line of credit, a cash advance on a credit card or a personal loan from your financial institution.
  • Getting a loan from family or friends.

Before getting a payday loan and to avoid getting stuck in a debt trap, consider other, less expensive ways to borrow money.

Continue Reading

Chat

Trending