NEW YORK – Jan. 24, 2019 – An estimated tens of thousands of loans and mortgages have had private data compromised online, according to an investigation from a security researcher and TechCrunch. The sensitive information that was found mostly dated back to 2008 and included loans from banks like Wells Fargo and Citigroup, among others.
The banks are reportedly in the process of trying to identify the customers affected and inform them of any possible account hacking.
“These documents contained highly sensitive data, such as Social Security numbers, names, phones, addresses, credit history and other details which are usually part of a mortgage or credit report,” security researcher Bob Diachenko, who discovered the breach, wrote on his blog, SecurityDiscovery.com. “This information would be a gold mine for cyber criminals who would have everything they need to steal identities, file false tax returns, get loans or credit cards.”
Consumers are urged to change the passwords on their financial accounts.
The database that was hacked was not password protected, but in the data theft of that open database, hackers may have gained access to personal information that that they could then use to access a borrower’s other accounts that were password protected.
Source: “Fraud Alert: Your Mortgage Info Could Be at Risk,” USA Today (Jan. 23, 2019) and “Document Management Company Left Credit Reports Online,” SecurityDiscovery.com (Jan. 23, 2019)