Scottrade Bank breached, exposing customers personal information
The incident took place when a third-party vendor uploaded a file to a server without putting the proper security protocols in place. Chris Vickery, a cybersecurity researcher, first hinted about the breach on his Twitter feed April 1 saying he was able to download a large bank-related MSSQL database containing plaintext passwords, according to SC Magazine.
He followed up the next day saying the bank, eventually named as Scottrade, had responded to his breach notification and patched the problem.
In an official statement on the data breach, the bank blamed Genpact, one of its vendors, who pushed a file to a server containing commercial loan application information of the B2B unit that is housed within Scottrade Bank.
Answering back, the vendor confirmed that it had uploaded a data set to one of its cloud servers that did not have all security protocols in place. However, the company immediately secured that information, and traced the issue to a configuration error on their part while uploading the file.
No other Scottrade customer information was at risk, the company continued, and the breach is being investigated.
The Paypers is the Netherlands-based leading independent source of news and intelligence for professional in the global payment community.
The Paypers provides a wide range of news and analysis products aimed at keeping the ecommerce, fintech, and payment professionals informed about the latest developments in the industry.
Current themes
No part of this site can be reproduced without explicit permission of The Paypers (v2.7).
Privacy Policy / Cookie Statement
Copyright