Blog 24 million U.S. mortgage and loan documents leaked again — and this time, it’s worse
Alex Lloyd February 4, 2019

24 million U.S. mortgage and loan documents leaked again — and this time, it’s worse

If you are paying a mortgage or have taken out a loan from a U.S. bank, your information could have been compromised along with tens of thousands of other customers.

In total, 24 million financial and banking documents were exposed in a massive data breach, representing tens of thousands of loans and mortgages from some of the biggest banks in the U.S.

And as TechCrunch has just learned, the breach is even worse than was originally reported.

The breached documents contain loan and mortgage agreements, repayment schedules, and tax documents. Originally, when news of the breach surfaced, the leaked financial documents were in a format that wasn’t easily readable.

Now, however, the data has been exposed yet again — but this time, the original financial documents were found on a random server, easily downloadable, with no password protection or encryption.

It all started by a firm that converted millions of documents using a technology called OCR from their original paper documents to a computer readable format and stored in a database. The unprotected database included customers names, addresses, birth dates, Social Security numbers, and other private financial data.

But without the knowledge to parse this data, the risks were less severe. With the original documents now posted in their entirety to a separate Amazon S3 storage server, anyone can access the data.

The risk of an affected customer becoming a victim of identity theft just went through the roof.

This latest development was found by independent security researcher Bob Diachenko. He found documents from the U.S. Department of Housing and Urban Development, as well as W2 tax forms, loan repayment schedules, and other sensitive financial information in basic PDF format, left on the unsecured server:

“This information would be a gold mine for cyber criminals who would have everything they need to steal identities, file false tax returns, get loans or credit cards,” said Diachenko in an interview.

HSBC, Well Fargo, Capital One, and other U.S. banks involved in the data breach said that there is an ongoing investigation to find the main source behind this massive leak.

Data breaches are becoming all-too-common. Sadly, we have little control over corporations that fail to secure our data, so it’s important to be proactive and secure your personal data when logging in to public WiFi, when traveling, or even when browsing the web at home.

Avatar
About Alex Lloyd

Alex Lloyd heads Pango's content department. Before joining the team, he was a former professional race car driver—competing in the Indianapolis 500 four times—and has spent the past decade writing content for major publications such as Yahoo and CNN.

View all posts by Alex Lloyd
Subscribe to our newsletter

Become a Hotspot Shield insider to get the latest news, updates, and special offers delivered directly to your inbox.