24M financial records found online in latest Elasticsearch database exposure
Some 24 million financial and banking documents have been exposed online by a financial company in yet another case of a misconfigured database.
The leak involves Ascension, a data and analytics company for the financial industry based in Fort Worth, Texas, according to TechCrunch. The misconfigured Elasticsearch database at the company, discovered by security researcher Bob Diachenko in findings published today, left more than a decade’s worth of credit and mortgage records exposed.
The data included names, addresses, birth dates, Social Security numbers and bank and checking account numbers, as well as details of loan agreements that include sensitive financial information, such as why the person is requesting the loan. Documents relating to various major banks and financial institutions were also found on the database, including the CitiFinancial company.
It’s not clear how many people may have been affected by the data breach or even whether the data was accessed by malicious actors. Once informed of the data exposure by Diachenko, Ascension quickly secured the database on Jan. 15.
Ruchika Mishra, director of products and solutions at Balbix Inc., told SiliconANGLE that a malicious actor could inflict significant damage on individuals affected by this breach.
“Actions could range from identity theft, filing false tax returns, applying for loans or credit cards in a victim’s name — the list goes on,” she said. “This exposure is another unfortunate example of a lack of authentication on an Elasticsearch server leading to a massive data leak.”
Mishra added that organizations face the hefty task of continuously monitoring all assets and more than 200 potential attack vectors to detect vulnerabilities.
“Through this process, companies are likely to detect thousands of vulnerabilities—far too many to tackle all at once,” she said. “The key to preventing a breach as devastating as Ascension’s is to leverage security tools that employ artificial intelligence and machine learning that analyze the tens of thousands of data signals to prioritize which vulnerabilities to fix first.”