20,000 Records Exposed in Scottrade Bank Data Breach
Scottrade Bank confirmed that information from 20,000 commercial loan applications was mistakenly posted on an unsecured cloud database. The database has since been secured.
The unencrypted database included 48,000 lessee credit profile rows and 11,000 guarantor rows. Each entry contained names, Social Security numbers, addresses, phone numbers, plain text passwords and other application information.
Chris Vickery of MacKeeper discovered the issue on March 31 as he was searching for random phrases on s3.amazonaws.com. He immediately contacted the company and worked with them to resolve the problem.
Shea Leordeanu, Scottrade spokesperson, said the database was secured in six hours and an investigation is ongoing.
The breach may have been caused by human error. Scottrade’s third party vendor, Genpact, uploaded the data to its cloud servers without the proper security protocols.
“Genpact and Scottrade are working closely together to complete the review and ensure that any risks to customers are duly addressed. We take the care of customers including the confidentiality of their information very seriously,” the Scottrade statement said.