Scottrade Bank has recently secured a database of 20,000 customers that was exposed to the public. The database was accidentally discovered on March 31st by Chris Vickery, a MacKeeper researcher, who was searching for random keyword phrases on the domain s3.amazonaws.com.
Immediately afterwards, he contacted the bank’s staff and was eventually transferred to the bank’s security team, which secured the data. Two days later, the problem was resolved, and Vickery confirmed this as well.
The database in question had no encryption whatsoever and included 48,000 lessee credit profile rows and 11,000 guarantor rows. The following data was leaked:
– Social security numbers
– Phone numbers
– Other information
This is a huge data security oversight that will stain Scottrade Bank’s reputation for years. According to Vickery, the database was even storing passwords in plain text, as well as employee API credentials used for accessing third-party credit report websites.
Shea Leordeanu, Scottrade Bank’s spokesperson, explained that the database was secured in six hours. The company emphasized that human error was to blame, and that its own systems remain secure and were not involved. Supposedly, the API credentials were part of a legacy system that is now decommissioned.
Apparently, Genpact, a third-party vendor, uploaded the database to a cloud computing server that did not have the proper security protocols in place. As a result, the database was exposed for everyone to see for quite a while. Genpact attributed this to a misconfiguration error.