Scottrade Bank, a subsidiary of Scottrade Financial Services, Inc. suffered a data breach incident after an MSSQL database containing sensitive information on at least 20,000 customers was inadvertently left exposed to the public.
The exposed database had no encryption and included 48,000 lessee credit profile rows and 11,000 guarantor rows.
Each row contained information such as Social Security Numbers, names, addresses, phone numbers, and other information that one would expect a bank to possess.
The database also contained internal information, such as plain text passwords and employee credentials used for API access to third-party credit report websites.
Scottrade notified the affected individuals and resolved the issue soon.
TPRM report: https://scoringcyber.rankiteo.com/company/scottrade
"id": "sco13722822",
"linkid": "scottrade",
"type": "Breach",
"date": "04/2022",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization's existence"
{'affected_entities': [{'customers_affected': 20000,
'industry': 'Financial Services',
'name': 'Scottrade Bank',
'type': 'Bank'}],
'attack_vector': 'Exposed Database',
'data_breach': {'data_encryption': 'No',
'number_of_records_exposed': ['48,000 lessee credit profile '
'rows',
'11,000 guarantor rows'],
'personally_identifiable_information': ['Social Security '
'Numbers',
'Names',
'Addresses',
'Phone Numbers'],
'sensitivity_of_data': 'High',
'type_of_data_compromised': ['Customer Information',
'Internal Information']},
'description': 'Scottrade Bank, a subsidiary of Scottrade Financial Services, '
'Inc. suffered a data breach incident after an MSSQL database '
'containing sensitive information on at least 20,000 customers '
'was inadvertently left exposed to the public.',
'impact': {'data_compromised': ['Social Security Numbers',
'Names',
'Addresses',
'Phone Numbers',
'Plain Text Passwords',
'Employee Credentials'],
'systems_affected': ['MSSQL Database']},
'response': {'communication_strategy': 'Notified affected individuals',
'remediation_measures': 'Resolved the issue'},
'title': 'Scottrade Bank Data Breach',
'type': 'Data Breach',
'vulnerability_exploited': 'Unsecured MSSQL Database'}