Approximately 885 millions of records of transactions and personal information has been made available online in one of the major financial companies that stand in the US. This Friday, the data has been made offline.
The leaked information included records of wired transactions, mortgage paperwork, Social Security numbers, driver’s license, account statements and detailed information of buyers and sellers. The files could be easily accessed and even distributed without any authentication.
Security reporter Brian Krebs was alerted of the major leakage who prompted First American Corporation regarding the issue. First American Corporation itself employs 18,000 people and has over $9.5 billion of assets. The company has emphasized that they put “security, privacy, and confidentiality” as their first priority.
A spokesperson from First American Corporation explained that the bug resulted from a “design defect” from their production applications. The company is currently analyzing and calculating the magnitude of impact from the information leakage.
Leaked data could be traced as far back as 2003 and was solely available to be accessed only through First American’s website.
Krebs, who was the person that first reported the issue, said, “I do not have any information on whether this fact was known to fraudsters previously, nor do I have any information to suggest the documents were somehow mass-harvested (although a low-and-slow or distributed indexing of this data would not have been difficult for even a novice attacker).”