Data leak releases account information from bond insurer MBIA

The data includes account numbers, balances and more, according to a security blog

financial figures magnifying glass tax finance report financial figures bank statement 000001825418
Credit: iStockphoto

A data leak from the Municipal Bond Insurance Association has exposed a large amount of customer information including account numbers, balances and account holder names, according to the blog KrebsOnSecurity.

The leak was caused by a misconfigured Oracle Reports database server, KrebsOnSecurity blogger Brian Krebs wrote. Instead of being accessible only to authorized users, the information was exposed on the Web, including some that had already been indexed by search engines.

MBIA, a company in Purchase, New York, that insures bonds and provides asset management advisory services, said it has taken the affected server offline.

"We have been notified that certain information related to clients of MBIA's asset management subsidiary, Cutwater Asset Management, may have been illegally accessed. We are conducting a thorough investigation and will take all measures necessary to protect our customers' data, secure our systems, and preserve evidence for law enforcement," MBIA spokesman Kevin Brown said in a statement.

Security researcher Bryan Seely of Seely Security discovered the data using a search engine, and the exposed data included information about the accounts of several public investment pools, the blog said.

MBIA has annual revenue of $1.64 billion, according to Yahoo Finance.

Stephen Lawson covers mobile, storage and networking technologies for The IDG News Service. Follow Stephen on Twitter at @sdlawsonmedia. Stephen's e-mail address is stephen_lawson@idg.com

To express your thoughts on Computerworld content, visit Computerworld's Facebook page, LinkedIn page and Twitter stream.
Windows 10 annoyances and solutions
Shop Tech Products at Amazon
Notice to our Readers
We're now using social media to take your comments and feedback. Learn more about this here.