Financial Database Leak leads to over 500,000 Documents Exposed Online

Two financial companies that appear to be connected were the apparent leakers of a financial database leak of important client and employee data. The database was linked to the MCA Wizard app, which was created by Argus and Advantage. According to vpnMentor, who discovered the unsecured information online, Argus and Advantage had stored more than 500,000 sensitive documents—many of them financial records or personally identifiable information—in an Amazon Web Services S3 storage bucket. These cloud-based servers allow companies to store data off-site and access it remotely. However, as many other companies have learned, the security protocols are not automatic. That means the S3 bucket is not automatically password protected or requires other security steps.

The information that the security researchers discovered from the financial database leak contained a wide variety of uploaded documents. Credit reports, driver’s licenses, tax returns, bank account information and access, Social Security information and much more was included in the database, which was discovered in December of 2019. Since the date of the discovered financial database leak, the researchers saw new information added to the compromised database.

Attempts to reach the companies were also unsuccessful. VpnMentor was unable to find contact information for one of them, and emails to the other company came back as undeliverable. The only recourse was to contact Amazon Web Services, who was eventually able to take down the database.

There has been no word yet on data breach letters being issued due to the financial database leak or if any malicious hackers accessed the database before it was taken down. Potentially, anyone who thought to look for it was able to access the entire cache of information, which is how the researchers discovered it. In the meantime, there are steps that consumers can take if they are concerned that they have done business with these companies or their information might have been included in the compromised database.

1. Victims should place a freeze on their credit report with the three major reporting agencies.
2. People should sign up for alerts from their financial institution that will notify them of activity on their accounts.
3. It would be encouraged for people to change the passwords on any sensitive accounts.
4. Victims should enable two-factor authentication on important accounts.
5. People should monitor their accounts closely for signs of unusual activity and report those incidences if they see anything suspicious.

If someone believes they are a victim of either the Advantage or Argus financial database leak, they are encouraged to contact the Identity Theft Resource Center through the website to live chat with an expert advisor. For those that cannot access the website, they can call the toll-free hotline (888.400.5530) and leave a message for an advisor. While the advisors are working remotely, there may be a delay in responding but someone will assist victims as quickly as possible.

---

You might also like…

New Marriott Breach Affects Over Five Million Guests

Covid-19 Romance Scams Begin to Make the Rounds

Are you an IRS non-filer? Tips to Avoid a Stimulus Check Identity Scam