Even the best security system in the world is fallible if someone leaves the front door wide open. Thanks to a bungle by one of its external suppliers, 20,000 customers of online US brokerage firm Scottrade have had their sensitive loan applications laid bare to the outside world.
An employee at IT services company Genpact uploaded a confidential database to an Amazon-hosted server, but misconfigured the SQL database – leaving its contents exposed to the elements. Fortunately, a benevolent security adviser stumbled upon the insecure database and alerted Scottrade before a rogue trader could pounce. While Genpact’s hapless staffer is taking the rap, Scottrade does have form – the FBI warned them about a data breach back in 2015.
No doubt fearing the fury of scornful customers, Scottrade has apologised. But this may not be enough to mitigate the fallout, as the information was rather loosely secured (aka not at all). Account passwords were stored in plain text, and names, addresses and Social Security numbers were all included as well – highlighting the high risk that badly managed databases pose.