The Cybernews research team discovered a configuration mistake in the OCR Labs system that exposed sensitive data.
The data leak had an effect on Defence Bank, Bloom Money, Admiral Money, MA Money, and Reed.
Using exposed data, threat actors might be able to infiltrate the backend infrastructure of banks and, as a result, the infrastructure of their clients.
Given that financial services are the main target of cybercriminals, businesses, and their customers are seriously at risk.
Cybernews contacted OCR Labs, who then fixed the issue.
Source: https://securityaffairs.com/144514/data-breach/ocr-labs-data-leak.html
TPRM report: https://scoringcyber.rankiteo.com/company/reed
"id": "ree105729523",
"linkid": "reed",
"type": "Data Leak",
"date": "04/2023",
"severity": "60",
"impact": "3",
"explanation": "Attack with significant impact with internal employee data leaks"{'affected_entities': [{'industry': 'Financial Services',
'name': 'Defence Bank',
'type': 'Bank'},
{'industry': 'Financial Services',
'name': 'Bloom Money',
'type': 'Bank'},
{'industry': 'Financial Services',
'name': 'Admiral Money',
'type': 'Bank'},
{'industry': 'Financial Services',
'name': 'MA Money',
'type': 'Bank'},
{'industry': 'Financial Services',
'name': 'Reed',
'type': 'Bank'}],
'attack_vector': 'Configuration Mistake',
'description': 'A configuration mistake in the OCR Labs system exposed '
'sensitive data, potentially allowing threat actors to '
'infiltrate the backend infrastructure of banks and their '
'clients.',
'motivation': 'Financial Gain',
'post_incident_analysis': {'corrective_actions': ['Fixed the configuration '
'mistake'],
'root_causes': ['Configuration Mistake']},
'references': [{'source': 'Cybernews research team'}],
'response': {'remediation_measures': ['Fixed the configuration mistake']},
'title': 'OCR Labs Data Leak',
'type': 'Data Leak',
'vulnerability_exploited': 'Configuration Mistake'}