Scottrade

Scottrade

Scottrade Bank has acknowledged that 20,000 customer records were exposed due to a technical issue. Unintentionally, a 60GB MSSQL database was left accessible on the internet.

The sensitive loan applications of almost 20,000 customers were compromised, as acknowledged by online brokerage Scottrade.

Sensitive data was uploaded to a server hosted by Amazon by Genpact, an IT services company, triggering the incident. Sadly, the company neglected to secure the priceless archive, leaving it vulnerable online.

Vickery claims that the archive exposes names, addresses, social security numbers, and account passwords in plain text.

Source: https://securityaffairs.com/57773/data-breach/scottrade-bank-data-leak.html

TPRM report: https://scoringcyber.rankiteo.com/company/scottrade

"id": "sco1856211123",
"linkid": "scottrade",
"type": "Data Leak",
"date": "04/2017",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"
{'affected_entities': [{'customers_affected': 20000,
                        'industry': 'Banking',
                        'name': 'Scottrade Bank',
                        'type': 'Financial Services'},
                       {'industry': 'Technology',
                        'name': 'Genpact',
                        'type': 'IT Services'}],
 'attack_vector': 'Unsecured Database',
 'data_breach': {'data_encryption': 'No',
                 'number_of_records_exposed': 20000,
                 'personally_identifiable_information': 'Yes',
                 'sensitivity_of_data': 'High',
                 'type_of_data_compromised': 'Loan applications'},
 'description': 'Scottrade Bank has acknowledged that 20,000 customer records '
                'were exposed due to a technical issue. Unintentionally, a '
                '60GB MSSQL database was left accessible on the internet.',
 'impact': {'data_compromised': ['names',
                                 'addresses',
                                 'social security numbers',
                                 'account passwords'],
            'systems_affected': 'MSSQL database'},
 'post_incident_analysis': {'root_causes': 'Unsecured database'},
 'title': 'Scottrade Bank Data Exposure Incident',
 'type': 'Data Exposure',
 'vulnerability_exploited': 'Unsecured Database'}
Great! Next, complete checkout for full access to Rankiteo Blog.
Welcome back! You've successfully signed in.
You've successfully subscribed to Rankiteo Blog.
Success! Your account is fully activated, you now have access to all content.
Success! Your billing info has been updated.
Your billing was not updated.