According to TechCrunch reports, because of server security breaches, many large US banks leaked more than 24 million financial and banking information, involving a large number of loans and mortgage information. The Elasticsearch database runs on the affected servers and contains more than 10 years of historical data, such as loan and mortgage agreements, repayment plans, sensitive financial and tax documents. These files are not protected by a password and can be viewed by anyone.
The researchers believe that the database was only exposed for two weeks and the database was shut down on January 15. The leak seems was traced back to Ascension, a Texas financial data and analytics company that provides data analysis and portfolio valuation analysis services. During the service process, Ascension converts paper documents and handwritten text into files that can be read by computers.
Executives at Ascension’s parent company, Rocktop Partners, confirmed that the server was vulnerable, but the system was not affected. On January 15th, the vendor made a mistake in configuring the server, causing some mortgage-related documents to leak. However, the vendor quickly shut down the problem server and Rocktop Partners is working with third-party experts to investigate.