Do you think your identity is safe? Even with precautions and laws to protect your ID while conducting financial transactions, there can still be a weak link that can put you at risk. The latest data breach reported last week, which you may not have heard about, involved the leaking of over 24 million mortgage documents.
The data breach was discovered and reported by Bob Diachenko, Cyber Threat Intelligence Director of Security Discovery with the assistance of Zack Whitaker of Techcrunch. This data breach was discovered by Diachenko just by searching public search engines. According to Diachenko’s report, the unprotected database contained about 51 GB of credit and mortgages information. The database potentially exposed more than 24 million files.
Essentially, the over 24 million unprotected records (24,349,524 according to Diachenko) that existed on the database were likely scanned (OCR) from original documents. Diachenko stated, “These documents contained highly sensitive data, such as social security numbers, names, phones, addresses, credit history and other details which are usually part of a mortgage or credit report. This information would be a gold mine for cyber criminals who would have everything they need to steal identities, file false tax returns, get loans or credit cards.”
Diachenko and Whitaker tracked down the owner of the database and found that the exposed database belonged to a third party. After the database was secured, however, Diachenko found a second vulnerable server that contained original documents.
According to Whitaker, the documents date as far back as 2008, possibly further. The documents concerned “correspondence from several major financial and lending institutions” including government entities such as HUD. Whitaker stated that not all data was “sensitive,” however the database included: names, addresses, birth dates, Social Security numbers, bank and checking account numbers. They also found some documents that contained other “sensitive financial information,” such as bankruptcy and tax documents, including W-2 forms.
You should read Diachenko and Whitaker’s first report for the details of their investigation and reporting. The reporting of Diachenko and Whitaker is significant because it exposes how your identity and sensitive information can be mishandled in the broader financial transactional process that occurs between entities. Even though direct correspondence with you may be encrypted and secure, security lapses can occur during underwriting and selling a mortgage.
The moral of the story is that once your information is out of your hands, you cannot assume it’s 100 percent secure.
Even blockchain technology, which has been touted as a safe means of digital data management, has weaknesses. And as governments and financial institutions are looking to blockchain as the “answer” to data security, there are reports of “attacks” of increasing sophistication according to James Risberg (Yes, the Blockchain Can Be Hacked; coincentral.com; May 7, 2018).
Be vigilant and proactive to protect your identity and sensitive information. Be wary of unsolicited requests for information, even if it appears to be from someone with whom you are conducting business. Always make a call to confirm the request. Consider a credit freeze to prevent fraudsters from opening credit accounts in your name. Check your credit report regularly and dispute errors. If you’ve been a victim of identity theft, the FTC’s IdentityTheft.gov site can help you report it and create a recovery plan. You can learn more about protecting yourself from identity theft from the FTC (consumer.ftc.gov) and the Federal Reserve (federalreserveconsumerhelp.gov).
Dan Krell is a Realtor® with RE/MAX Success in Potomac, MD. You can access more information at DanKrell.com