On April 27, 2017, Funding Circle USA, Inc. experienced a data breach due to a vulnerability in one of its databases. The exposed information included sensitive personal details such as names, addresses, contact information, and social security numbers of guarantors. While the vulnerability had the potential to compromise this data, investigations confirmed that no third-party access or theft of customer information occurred. The exact number of affected individuals remains undetermined. The incident was formally reported to the California Office of the Attorney General on May 30, 2017. The breach highlighted a critical gap in database security, though the lack of confirmed unauthorized access mitigated the immediate fallout. However, the exposure of personally identifiable information (PII) posed a latent risk of identity theft or fraud if exploited in the future.
Source: https://oag.ca.gov/ecrime/databreach/reports/sb24-69212
TPRM report: https://www.rankiteo.com/company/funding-circle
"id": "fun1001082025",
"linkid": "funding-circle",
"type": "Vulnerability",
"date": "4/2017",
"severity": "60",
"impact": "3",
"explanation": "Attack with significant impact with internal employee data leaks"{'affected_entities': [{'customers_affected': 'Unknown (guarantors only; no '
'customer data accessed)',
'industry': 'FinTech',
'location': 'California, USA',
'name': 'Funding Circle USA, Inc.',
'type': 'Financial Services (Peer-to-Peer Lending)'}],
'data_breach': {'data_exfiltration': 'None confirmed (no evidence of access '
'by third parties)',
'number_of_records_exposed': 'Unknown',
'personally_identifiable_information': ['Names',
'Addresses',
'Contact information',
'Social Security '
'Numbers'],
'sensitivity_of_data': 'High (includes SSNs)',
'type_of_data_compromised': ['Personally Identifiable '
'Information (PII)']},
'date_detected': '2017-04-27',
'date_publicly_disclosed': '2017-05-30',
'description': 'The California Office of the Attorney General reported a data '
'breach involving Funding Circle USA, Inc. A vulnerability was '
'discovered in a database potentially exposing names, '
'addresses, contact information, and social security numbers '
'of guarantors. It was confirmed that no customer information '
'was accessed by third parties.',
'impact': {'data_compromised': ['Names',
'Addresses',
'Contact information',
'Social Security Numbers (of guarantors)'],
'identity_theft_risk': 'Potential (SSNs exposed)',
'systems_affected': ['Database']},
'investigation_status': 'Completed (no evidence of unauthorized access)',
'post_incident_analysis': {'root_causes': 'Database vulnerability'},
'references': [{'date_accessed': '2017-05-30',
'source': 'California Office of the Attorney General'}],
'regulatory_compliance': {'regulatory_notifications': ['California Office of '
'the Attorney '
'General']},
'response': {'communication_strategy': 'Public disclosure via California '
'Office of the Attorney General'},
'title': 'Funding Circle USA, Inc. Data Breach (2017)',
'type': 'Data Breach',
'vulnerability_exploited': 'Database vulnerability'}