Hundreds of Thousands of Customer’s Information Compromised in Auto Lender Data Breach

Media Division | April 28, 2017

If you follow our blog posts, you have likely seen the several posts in regard to breaches due to unsecured databases as of late. A multitude of companies continue to be negligent in properly securing their databases that contain wide ranges of customer information. Security should be one of the most forefront points when creating and maintaining a database like this, and yet it apparently becomes relegated to lower importance or is handled improperly.  In yet another unsecured database incident, a U.S. auto lender had left at least 500,000 customer’s information exposed through a lack of security.

What Was Exposed in the Breach

The data repository was owned by Alliance Direct Lending Corporation. Ironically, their website promotes their protection of customer information through encryption.  The exposed database was held on an Amazon cloud storage device, and it was discovered by Kromtech Security Researchers.  When reviewed, more than 200 out of 1000 files were left unsecured.  The information contained in these files included a wide range of customer purchase data, including names, addresses, vehicle information, FICO scores, and the last four digits of Social Security numbers.  And even worse, it also held recordings of conversations between the company and customers which contained names, phone numbers, and full Social Security numbers. According to reports, the data had been secured as of Tuesday.

Information such as the above can be used for a multitude of malicious purposes.  The largest dangers being identity theft and fraud. Thieves could potentially use it to open fraudulent bank and credit card accounts, allowing them to run wild.

There is no information as to whether the database had been accessed by any malicious actors or others in general.  It is unclear as to how long this database was able to be accessed.  According to Kromtech, the IT administrator had stated that the information had not been up for that long, but Kromtech had also found that the last time the storage device was modified was in late December.

Kromtech has discovered several online databases like this that left significant details exposed.  Just earlier this week, they had reported upon a data breach of a trading brokerage organization called AMP, which exposed information such as passport scans.  They had also discovered the recent data breach of Schoolzilla, a data warehouse for school’s, which we had written about last week.

Rapid Response Time With Data Breach Solutions

The organization above may have been extremely fortunate if their data was not accessed by a malicious criminal, but of course, this is not always the case.  Inadvertent data breaches are taken advantage of by cyber attackers frequently, and many data breaches are caused by cyber attackers. In our modern age, the customer data and digital content of a company is one of their most valuable assets, and they need to ensure it is protected.  But, if there does happen to be an instance of a breach, an organization needs to be able to react rapidly with data breach solutions.  The proper addressal of a breach can help to limit the extent of damage to the organization and their customers.  A breach can result not only in the loss of information and funds but also in the damage of consumer trust and reputation.  Massive Alliance’s data breach solutions can help an organization to address the hellacious occurrence of a breach.

Massive's Media Division publishes timely news and insights based on current events, trends, and actionable cross-industry expertise.