Fiserv

Fiserv, Inc.'s web platform exposed personal and financial details of countless customers across hundreds of bank Web sites.

A customer's email address, phone number and full bank account number were accessible and editable.

A cyber criminal could abuse this access to enumerate all other accounts with activity alerts on file, and to add or delete phone numbers or email addresses to receive alerts about account transactions.

Source: https://krebsonsecurity.com/2018/08/fiserv-flaw-exposed-customer-data-at-hundreds-of-banks/

TPRM report: https://scoringcyber.rankiteo.com/company/fiserv

"id": "fis01771122",
"linkid": "fiserv",
"type": "Data Leak",
"date": "08/2018",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"
{'affected_entities': [{'customers_affected': 'Countless customers across '
                                              'hundreds of bank Web sites',
                        'industry': 'Financial Technology',
                        'name': 'Fiserv, Inc.',
                        'type': 'Financial Services'}],
 'attack_vector': 'Web Platform Vulnerability',
 'data_breach': {'personally_identifiable_information': ['Email Addresses',
                                                         'Phone Numbers',
                                                         'Full Bank Account '
                                                         'Numbers'],
                 'sensitivity_of_data': 'High',
                 'type_of_data_compromised': ['Personal Information',
                                              'Financial Information']},
 'description': "Fiserv, Inc.'s web platform exposed personal and financial "
                'details of countless customers across hundreds of bank Web '
                'sites. Customer’s email address, phone number, and full bank '
                'account number were accessible and editable. A cybercriminal '
                'could abuse this access to enumerate all other accounts with '
                'activity alerts on file, and to add or delete phone numbers '
                'or email addresses to receive alerts about account '
                'transactions.',
 'impact': {'data_compromised': ['Email Addresses',
                                 'Phone Numbers',
                                 'Full Bank Account Numbers'],
            'systems_affected': ['Web Platform']},
 'motivation': 'Unauthorized Access and Data Manipulation',
 'title': 'Fiserv Data Exposure Incident',
 'type': 'Data Exposure',
 'vulnerability_exploited': 'Access Control Weakness'}