
Millions of mortgage and loan documents with sensitive financial data on tens of thousands of individuals were found exposed on a server without a password.
The trove included 24 million financial and banking documents, representing tens of thousands of loans and mortgages from some of the biggest banks in the U.S.
What happened: TechCrunch traced the source of the data to a password-less server in Texas that belonged to data and analytics company, Ascension (which promptly blamed a vendor).
The unprotected server had more than a decade’s worth of data, including loan and mortgage agreements, repayment schedules and financial and tax documents.
What leaked: One of the services Ascension offers is the conversion of paper documents and handwritten notes into computer-readable files, known as OCR. The documents were in OCR format and were hard, but not impossible, to read. Personally-identifiable information like names, addresses and Social Security numbers were exposed.
A researcher found similar data exposed on an AWS server.
Ascension’s parent company is Rocktop Partners, which owns more than 46,000 loans worth $4.4 billion.