Scottrade Bank has acknowledged that 20,000 customer records were exposed due to a technical issue. Unintentionally, a 60GB MSSQL database was left accessible on the internet.
The sensitive loan applications of almost 20,000 customers were compromised, as acknowledged by online brokerage Scottrade.
Sensitive data was uploaded to a server hosted by Amazon by Genpact, an IT services company, triggering the incident. Sadly, the company neglected to secure the priceless archive, leaving it vulnerable online.
Vickery claims that the archive exposes names, addresses, social security numbers, and account passwords in plain text.
Source: https://securityaffairs.com/57773/data-breach/scottrade-bank-data-leak.html
TPRM report: https://scoringcyber.rankiteo.com/company/scottrade
"id": "sco1856211123",
"linkid": "scottrade",
"type": "Data Leak",
"date": "04/2017",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"{'affected_entities': [{'customers_affected': 20000,
'industry': 'Banking',
'name': 'Scottrade Bank',
'type': 'Financial Services'},
{'industry': 'Technology',
'name': 'Genpact',
'type': 'IT Services'}],
'attack_vector': 'Unsecured Database',
'data_breach': {'data_encryption': 'No',
'number_of_records_exposed': 20000,
'personally_identifiable_information': 'Yes',
'sensitivity_of_data': 'High',
'type_of_data_compromised': 'Loan applications'},
'description': 'Scottrade Bank has acknowledged that 20,000 customer records '
'were exposed due to a technical issue. Unintentionally, a '
'60GB MSSQL database was left accessible on the internet.',
'impact': {'data_compromised': ['names',
'addresses',
'social security numbers',
'account passwords'],
'systems_affected': 'MSSQL database'},
'post_incident_analysis': {'root_causes': 'Unsecured database'},
'title': 'Scottrade Bank Data Exposure Incident',
'type': 'Data Exposure',
'vulnerability_exploited': 'Unsecured Database'}