A recent report from Brian Krebs underscores an important point: the risk of exposure online, particularly that a person’s sensitive data will be compromised, is increasing. Not alarmingly so, but certainly at times from unpredictable sources.
This week, Krebs explained that a bond insurer’s misconfigured server somehow initiated a chain-reaction that ultimately ended with 230 pages of account statements online and indexed by search engines.Those statements are said to include account and routing numbers, balances, dividends and account holder names for the members of a handful of local government investment pools.
The breached bond insurer is a subsidiary of MBIA Inc., which is reportedly the largest provider of bond insurance in the United States, called Cutwater Asset Management.
The good news is that MBIAn Inc. says it has since fixed the problem that led to the breach. Affected customers, according to the companies involved, will have been contacted already.
The bad news, as is so succinctly described in the Krebs report, is that “the documents indexed by search engines featured detailed instructions on how to authorize new bank accounts for deposits, including the forms and fax numbers needed to submit the account information.”
Obviously this is a pretty small breach compared to recent ones at the Home Depot, Target, JP Morgan and all the others we discussed in the most recent edition of the Talk Security podcast.
The risk of suffering a #databreach is increasing from unexpected sourcesTweet
However, the fact that this breach, which is likely bad for anyone unlucky enough to have been impacted by it, is additionally troubling because it was caused by a simple, seemingly overlooked, server configuration error.