Data leak lets out account information from bond insurer MBIA


A data leak from the Municipal Bond Insurance Association has exposed a large amount of customer information including account numbers, balances and account holder names, according to the blog KrebsOnSecurity.

The leak was caused by a misconfigured Oracle Reports database server, KrebsOnSecurity blogger Brian Krebs wrote. Instead of being accessible only to authorized users, the information was exposed on the Web, and some of it had already been indexed by search engines.

MBIA, a company in Purchase, New York, that insures bonds and provides asset management advisory services, said it has taken the affected server offline.

"We have been notified that certain information related to clients of MBIA's asset management subsidiary, Cutwater Asset Management, may have been illegally accessed. We are conducting a thorough investigation and will take all measures necessary to protect our customers' data, secure our systems, and preserve evidence for law enforcement," MBIA spokesman Kevin Brown said in a prepared statement.

Security researcher Bryan Seely of Seely Security discovered the data using a search engine, and the exposed data included information about the accounts of several public investment pools, the blog said.

MBIA has annual revenue of US$1.64 billion, according to Yahoo Finance.

Stephen Lawson covers mobile, storage and networking technologies for The IDG News Service. Follow Stephen on Twitter at @sdlawsonmedia. Stephen's e-mail address is stephen_lawson@idg.com
