Data of thousands of card applicants exposed

The breach apparently occurred from March 2017 to mid-July of 2018.

August 6, 2018 by Roy Urrico, CU Times

Credit card issuer TCM Bank, which works with some 750 small and community U.S. financial institutions, including credit unions, exposed the personal information of thousands of individuals who applied for accounts.

Brian Krebs in his blog KrebsOnSecurity reported between early March 2017 and mid-July 2018, TCM Bank exposed the names, addresses, dates of birth and Social Security numbers through a website misconfiguration.

As reported by Krebs, in a letter mailed to affected customers, TCM said the information exposed was data card applicants uploaded to a Web site managed by an unnamed third-party vendor. TCM said it learned of the issue on July 16, 2018, and had the problem fixed by the following day.

Krebs said an attorney working with TCM on its breach outreach indicated the breach affected fewer than 10,000 consumers who applied for cards, less than 25% of the applications processed during the related period potentially affected, and less than 1% of its cardholder base.

Data of thousands of card applicants exposed

The breach apparently occurred from March 2017 to mid-July of 2018.

Stay connected to the credit union community with our free newsletter!

You have Successfully Subscribed!