On July 18, 2022, Gelt reported a data breach after detecting unusual activity on its servers. The incident involved unauthorized access to the company’s infrastructure, exposing sensitive user data. Compromised information may include email addresses, salted password hashes, legal names, bank names, deposit/withdrawal history, driver’s license or passport pictures, and bank statements. While a full investigation is underway, no definitive evidence of data exfiltration has been confirmed yet. The breach poses significant risks, particularly due to the exposure of financial and personally identifiable information (PII), which could lead to identity theft, fraud, or reputational damage. The company has not disclosed whether the attack was targeted or opportunistic, but the nature of the accessed data suggests a high potential for misuse if exfiltrated. Customers are at risk of phishing attacks, account takeovers, or financial fraud if the stolen hashes are cracked or combined with other leaked details. The incident underscores vulnerabilities in Gelt’s security posture, raising concerns about compliance with data protection regulations and the adequacy of their incident response measures.
TPRM report: https://www.rankiteo.com/company/gelt-financial-corporation
"id": "gel928082125",
"linkid": "gelt-financial-corporation",
"type": "Breach",
"date": "7/2022",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"{'affected_entities': [{'name': 'Gelt', 'type': 'Company'}],
'data_breach': {'data_exfiltration': 'No conclusive signs found (as of '
'report)',
'file_types_exposed': ['text (emails, names, bank details)',
"images (driver's license/passport "
'pictures)',
'documents (bank statements)'],
'personally_identifiable_information': True,
'sensitivity_of_data': 'High (includes PII and financial '
'records)',
'type_of_data_compromised': ['email addresses',
'salted password hashes',
'legal names',
'bank names',
'deposit and withdrawal history',
"driver's license or passport "
'pictures (PII)',
'bank statements']},
'date_detected': '2022-07-18',
'date_publicly_disclosed': '2022-07-18',
'description': 'Gelt reported a data breach incident on July 18, 2022, '
'following unusual activity detected on their servers. The '
'breach involved unauthorized access to their infrastructure, '
'potentially affecting user data including email addresses, '
'salted password hashes, legal names, bank names, deposit and '
"withdrawal history, driver's license or passport pictures, "
'and bank statements. A full investigation is ongoing, and no '
'conclusive signs of data exfiltration have been found thus '
'far.',
'impact': {'data_compromised': ['email addresses',
'salted password hashes',
'legal names',
'bank names',
'deposit and withdrawal history',
"driver's license or passport pictures",
'bank statements'],
'identity_theft_risk': 'High (PII and financial data exposed)',
'payment_information_risk': 'High (bank statements and transaction '
'history exposed)'},
'investigation_status': 'Ongoing (as of 2022-07-18)',
'response': {'incident_response_plan_activated': True},
'title': 'Gelt Data Breach Incident',
'type': 'Data Breach'}