Lender Security Breach Leaves 24 Million Homeowners Private Information Exposed To Identity Thieves 

A massive lender security breach has left the private information of  24 million homeowners exposed on the internet for two weeks.

TechCrunch is reporting that more than 24 million mortgage and banking documents were found online in an unprotected database.

The server had more than a decade’s worth of data. The data contained loan and mortgage agreements and other sensitive financial and tax documents.

TechCrunch reports that the database was only exposed for two weeks. However, that was long enough for independent security researcher Bob Diachenko to find the data.

The database contained mortgage and financial documents stretching back to at least 2008. The documents came from Citigroup, Wells Fargo, Capital One. The documents also include millions of loan information from HUD and FHA.

And worst of all, the documents contained people’s names, addresses, dates of birth. It also included Social Security numbers and other sensitive information found on mortgage documents.

Where The Lender Security Breach Happened

The Texas-based Ascension was the source of the breach. Ascension provides data and analytics to the financial services industry.

The exposed data appears to have come from documents Ascension processed using OCR. OCR converts paper documents into electronic documents.

Again from TechCrunch:

Sandy Campbell, general counsel at Ascension’s parent company, Rocktop Partners, which owns more than 46,000 loans worth $4.4 billion, confirmed the security incident to TechCrunch.

On January 15, this vendor learned of a server configuration error that may have led to the exposure of some mortgage-related documents,” he said in a statement. “The vendor immediately shut down the server in question, and we are working with third-party forensics experts to investigate the situation. We are also in regular contact with law enforcement investigators and technology partners as this investigation proceeds.

The company plans to notify all affected consumers as well as appropriate law enforcement authorities.

For much more on the story, click here to read TechCrunch’s article.