CreditMate , operated by Urja Money Private Limited, exposed files contained 4,717 reports of connecting to CIBIL credit reporting service, and 18,913 JSON reports with 7277 email addresses.
The credit reports were from 2016 – the present.
It is a financial technology company that provides services to various banking and financial services companies and non-banking financial companies such as Optimus Finance Limited.
The exposed reports contained data fields such as member reference number, enquiry number, enquiry purpose, amount of loan being sought, full name, date of birth, gender, income tax ID number (PAN), passport number, driver’s license number, universal ID number, telephone number, mail address
employment information, employment income, CIBIL credit score, residential address, office address,
payment history of other loans/credit cards.
The COO said in order to protect consumers, pending outcome of the investigation, TransUnion CIBIL has suspended Optimus’ access.
TPRM report: https://scoringcyber.rankiteo.com/company/creditmate
"id": "pay153611922",
"linkid": "creditmate",
"type": "Data Leak",
"date": "08/2018",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"{'affected_entities': [{'industry': 'Financial Services',
'name': 'CreditMate',
'type': 'Financial Technology Company'}],
'data_breach': {'file_types_exposed': ['JSON'],
'number_of_records_exposed': 18913,
'personally_identifiable_information': ['member reference '
'number',
'enquiry number',
'enquiry purpose',
'amount of loan being '
'sought',
'full name',
'date of birth',
'gender',
'income tax ID number '
'(PAN)',
'passport number',
'driver’s license '
'number',
'universal ID number',
'telephone number',
'email address',
'employment '
'information',
'employment income',
'CIBIL credit score',
'residential address',
'office address',
'payment history of '
'other loans/credit '
'cards'],
'sensitivity_of_data': 'High',
'type_of_data_compromised': ['Personal Information',
'Financial Information',
'Credit Information']},
'description': 'CreditMate, operated by Urja Money Private Limited, exposed '
'files containing 4,717 reports of connecting to CIBIL credit '
'reporting service, and 18,913 JSON reports with 7,277 email '
'addresses. The credit reports were from 2016 to the present. '
'The exposed reports contained sensitive data fields such as '
'member reference number, enquiry number, enquiry purpose, '
'amount of loan being sought, full name, date of birth, '
'gender, income tax ID number (PAN), passport number, driver’s '
'license number, universal ID number, telephone number, email '
'address, employment information, employment income, CIBIL '
'credit score, residential address, office address, and '
'payment history of other loans/credit cards.',
'impact': {'data_compromised': ['member reference number',
'enquiry number',
'enquiry purpose',
'amount of loan being sought',
'full name',
'date of birth',
'gender',
'income tax ID number (PAN)',
'passport number',
'driver’s license number',
'universal ID number',
'telephone number',
'email address',
'employment information',
'employment income',
'CIBIL credit score',
'residential address',
'office address',
'payment history of other loans/credit '
'cards']},
'investigation_status': 'Pending',
'response': {'containment_measures': 'TransUnion CIBIL has suspended Optimus’ '
'access.'},
'title': 'CreditMate Data Exposure Incident',
'type': 'Data Exposure'}