Fact Checked

Newly discovered data leak exposed millions of banking, financial documents online. Here’s how to better guard your info.

African American woman looks at laptop at night, worried about newly discovered data leakImage: African American woman looks at laptop at night, worried about newly discovered data leak
Editorial Note: Credit Karma receives compensation from third-party advertisers, but that doesn’t affect our editors’ opinions. Our third-party advertisers don’t review, approve or endorse our editorial content. It’s accurate to the best of our knowledge when posted.

In the latest data-security news, researchers found that about 24 million financial documents from U.S. banks were exposed and accessible online, stored in databases without password protection.

Some of the exposed data included Social Security numbers, names, addresses and checking account numbers. It’s suspected that the data exposure only lasted about two weeks, and there have been no reports of malicious activity using the exposed information, but the scale of this lapse is a reminder to safeguard your data.

Working with TechCrunch, independent security researcher Bob Diachenko discovered the security flaw on January 10, and traced it back to Ascension, a data and analytics company working with financial institutions to convert paper records to a computer-readable format.

The exposed data was stored on a server that wasn’t password protected, meaning anyone with the know-how could have accessed it.

Ascension has stated that the database in question was shut down on January 15, after it was alerted to the security vulnerability. But some of these original loan and mortgage documents may also have been exposed in a separate unprotected database used by a vendor working with Ascension, OpticsML, and it’s unclear if anyone accessed the documents there.

This latest instance of exposed data is a timely reminder that your information isn’t always properly safeguarded by third parties. Here are some tips to help you keep your data more secure online.

  • Keep passwords secure. Even though there haven’t been any reports of data misuse following this data leak, it serves as a reminder that your information can be vulnerable online. It’s a good idea to make sure you don’t use the same password in multiple places. If you need help remembering your various passwords, consider using a password manager.
  • Add multifactor authentication. Even if you have a strong password, some websites may not have secure data-storage methods. For an added layer of protection, think about enabling two-factor authentication on any site or account that offers it.
  • Monitor your credit reports and consider locking or freezing your credit. Both locks and freezes can help prevent new accounts from being opened in your name. You can ask the three major consumer credit bureaus — Equifax, Experian and TransUnion — to freeze or lock your credit reports at any time.

As a Credit Karma member, you can track your credit lock status with Equifax and TransUnion using our Identity Monitoring tool. And you can enable our free credit monitoring service and we’ll notify you if we notice important changes on your Equifax or TransUnion credit reports so that you can check for suspicious activity.


About the author: Paris Ward is a content strategist at Credit Karma, providing readers with the latest news that will aid their financial progress. She has more than a decade of experience as a writer and editor and holds a bachelor’s… Read more.