The Target: Transcredit, a Florida based credit reporting company.
The Take: Exposure of 822, 789 records of Personally Identifiable Information including: first and last names, emails, bank information, notes of payment history, internal User ID’s and passwords, full data schema detailing where and how data stored.
The Vector: An unsecured, non-password protected database was found open and accessible by anyone with an internet connection.
It is critical to employ robust practices of credential management, user authentication and validation around all points of access. An unprotected point of entry on a key piece of equipment like a server can lead to a breach with a cascading effect on data security. Furthermore, the access credentials which were exposed could lead to pivot attacks by breaching other IT systems belonging to the firm.