A data leak by a former ABN Amro Mortgage analyst put the sensitive information of more than 5,000 mortgage customers at risk of being shared with, and ultimately compromised by, millions of users of a popular file sharing application.
The former analyst had three spreadsheets full of sensitive customer information, including social security numbers, on her personal computer. Without her knowing it, they were available to be shared, along with her other files, with millions of users.
After a Dow Jones reporter broke the story, data leak protection company Tiversa Inc. traced the leak back to a computer in Florida that was using the popular peer-to-peer file sharing software BearShare, and found that the customer data had already been shared with other users on the network.
“There is no question in my mind that … identity thieves have these files, and if they haven’t already, they will be acting on them very soon,” Tiversa Inc. Chief Executive Robert Boback said Friday.
Boback noted that a billion searches are conducted via P2P networks daily, and that many search queries contain bank names and the word “password”.
The problem with many of these P2P networks is that upon setup, the programs typically ask which files a user would like to share, and offer a simple or default option which automatically shares nearly everything on the user’s computer.
Most users breeze through these setup stages without thinking twice, allowing all the data on their computer to be shared with anyone else on the networks.
What’s scary is that highly sensitive information is passed amongst computers on a daily basis in the mortgage industry, and any one of those computers could have a P2P program installed which may be set to share all files, resulting in a serious data leak.
Unfortunately, the problem has become so widespread now that criminals actually troll the networks for the sole purpose of coming across sensitive data that can be used to commit identity theft.
Michael Hanretta, a spokesman for ABN parent company Citigroup Inc., said the company was investigating the matter.
“Citi’s information-security standards require that confidential information be stored on Citi-managed devices,” he said in a statement.
“Protecting customer information remains a priority at Citi and we remain fully committed to physical, electronic and procedural safeguards to protect personal information.”
The security breach signals the possibility that numerous similar data leaks may have occurred, and will continue to take place if users aren’t more careful.
If anything, the news should be a big heads-up to mortgage industry employees, including independent contractors such as mortgage brokers and loan officers who often share sensitive data on their personal computers, to pay close attention to customer security.