Scottrade Bank was recently under fire after a security researcher found a 60GB MSSQL database containing sensitive information on at least 20,000 customers exposed to the public online.
Chris Vickery found the database on March 31 when searching for random phrases on the domain s3.amazonaws.com. The database he found was not encrypted and contained 48,000 lessee credit profile rows and 11,000 guarantor rows. Each row is said to contain information like Social Security Numbers, Names, Addresses, Phone Numbers, and other information.
The database also contained internal information like plain text passwords and employee credentials. Vickery immediately contacted Scottrade regarding the database and within two days the problem was resolved.
Scottrade insists that the issue was due in part to simple human error and that the third party vendor responsible, Genpact, says it had uploaded the dataset to a cloud server that did not have all the appropriate security protocols in place. “Upon being alerted to the issue, Genpact immediately secured that information, and traced the issue to a configuration error on their part while uploading the file,” the Scottrade statement explained.