News

Scottrade Bank breached, exposing customers personal information

Friday 7 April 2017 10:43 CET | News

Scottrade Bank has confirmed that customers’ personal information was inadvertently left open to the public, exposing 20,000 records.

The incident took place when a third-party vendor uploaded a file to a server without putting the proper security protocols in place. Chris Vickery, a cybersecurity researcher, first hinted about the breach on his Twitter feed April 1 saying he was able to download a large bank-related MSSQL database containing plaintext passwords, according to SC Magazine.

He followed up the next day saying the bank, eventually named as Scottrade, had responded to his breach notification and patched the problem.

In an official statement on the data breach, the bank blamed Genpact, one of its vendors, who pushed a file to a server containing commercial loan application information of the B2B unit that is housed within Scottrade Bank.
Answering back, the vendor confirmed that it had uploaded a data set to one of its cloud servers that did not have all security protocols in place. However, the company immediately secured that information, and traced the issue to a configuration error on their part while uploading the file.

No other Scottrade customer information was at risk, the company continued, and the breach is being investigated.


Free Headlines in your E-mail

Every day we send out a free e-mail with the most important headlines of the last 24 hours.

Subscribe now

Keywords: Scottrade Bank, data breach, customers, bank, personal data, US, Genpact, security, fraud prevention
Categories: Securing Transactions | Digital Identity, Security & Online Fraud
Securing Transactions | Digital Identity, Security & Online Fraud
Countries: World
This article is part of category

Securing Transactions

,

Securing Transactions