A Canadian mortgage broker’s database containing personal information on thousands of people was left open on the internet, according to security researchers.
Access to the database belonging to Toronto-based 8Twelve Financial Technologies was quickly restricted after the company was notified by researcher Jeremy Folwer and the staff of Website Planet, which offers resources for website builders.
According to a report issued today, the database has 717,814 records on thousands of Canadian residents, with home mortgage loan-related information including names, phone numbers, email addresses, physical addresses, and more. Many of the records appeared to be mortgage leads of people who want to buy a house, refinance, obtain an equity line of credit, or purchase an investment property, the report says.
“We immediately sent a responsible disclosure notice and 8Twelve acted fast and professionally by restricting public access within hours of our discovery,” the researchers say.
In an interview, 8Twelve Financial president and CIO Akber Abbas said a staffer made a mistake in December when shifting data to an AWS bucket. “This incident happened when one of our report analysts was working on a migration and accidentally left one of the ports open. It was quickly identified through our penetration testing. No data was removed from our server. That person was subsequently let go from the organization. We have solutions now in place to protect us moving forward.”