TCM Bank exposed credit card applicants most personal information

Security / Tech
TCM Bank

While TCM Bank was able to fix the situation the day after they discovered it, it still went undetected for months.

A week hasn’t even gone by and here we already talking about another new data breach. This time it’s TCM Bank. TCM Bank is a company that helps smaller banks with the process of issuing credit cards to customers. The company says the breach was caused by a website misconfiguration. Customers who applied for a credit card through TCM Bank from March 2017 through July 2018 are potentially affected.

Bruce Radke, an attorney working with TCM on its breach outreach efforts to customers, said fewer than 10,000 consumers who applied for cards were affected. Radke declined to name the third-party vendor, saying TCM was contractually prohibited from doing so.

“It was less than 25 percent of the applications we processed during the relevant time period that were potentially affected, and less than one percent of our cardholder base was affected here,” Radke said. “We’ve since confirmed the issue has been corrected, and we’re requiring the vendor to look at their technologies and procedures to detect and prevent similar issues going forward.”

Alisdair Faulkner, chief identity officer at ThreatMetrix, A LexisNexis Risk Solutions Company sent us this commentary on the TCM breach:

“It’s no longer just about these massive data breaches; what happens next is a billion-dollar problem. You don’t need to break through the window if you can walk in the front door, which is why identity information is so valuable for cybercriminals. In the wake of data breaches, we see fraud attack volumes double or triple on our global network.

Hackers use this leaked information to piece together convincing synthesized identities, open new lines of credit, hack into existing accounts and make fraudulent purchases. To proactively defend themselves and their consumers, digital businesses need to assess each and every customer transaction based on whether it is their true digital identity – or a fraudster posing as them. Breached identities are the key to our digital lives. Organizations will be held accountable for not changing the locks, even if they’re the victims themselves.”

While TCM Bank was able to fix the situation the day after they discovered it, it still went undetected for months. This is why, more than ever, businesses need to stay ahead of the curve in cybersecurity.

What do you think of the TCM Bank breach? Let us know in the comments below or on GooglePlus, Twitter, or Facebook.

  Source: Krebs On Security
Comments
To Top