Today's massive data breach wasn't caused by hackers. In fact, it was from one simple mistake that made a ton of private investors’ financial information publicly available through Google.
You may have never heard of these company names, Cutwater Asset Management or MBIA Inc., formerly known as the Mutual Bond Insurance Association. But just because you've never heard of them doesn't mean they might not have some of your vital financial information.
And if they do have your financial information, your account numbers, balances, even your address and social security number may have just been leaked to the entire Internet.
MBIA Inc. works with organizations like government agencies, school boards, hospitals, etc., that issue bonds for things like big construction projects. Bonds like these are often bought by investors who want to put their money in a relatively safe place with a predictable rate of return. Its a bit like putting your money in a savings account with a given interest rate - except with a little more risk and a bit higher interest rate
Cutwater Asset Management is an MBIA subsidiary that deals in fixed-income bonds and that's where the leak sprung.
Apparently, Cutwater's records hold a treasure trove of info on people who currently or previously had these bonds. And its this information that was left unsecured on the Internet. Here, according to Brian Krebs in his KrebsOnSecurity blog, is a redacted screen shot of just one of the records.
Want to know the scary part? The leak means that all of these documents were publicly searchable by almost any search engine.
And, according to Krebs, many of these documents included how-to instructions for authorizing new bank accounts for "deposits" that could have gone straight into a crook's wallet.
The companies, Cutwater Asset Management or MBIA Inc., say they are contacting all current and former customers about the breach. But if you've done business with them, then I'd definitely advise you to get on the phone with MBIA Inc. to make sure that your data is safe right now.
Why the rush? Because your social security number may have been out in the open for anyone to see. Statements for larger organizations like the Louisiana Asset Management Pool, the New Hampshire Public Deposit Investment Pool and the Town of Richmond, NH are just a few of the shocking examples of whose information was leaked.
You see, search engines don't just "know" what's on the internet. They create robots that comb through the web, looking for new websites and domains. When a company wants to protect its customers' private information, the first thing it does is to tell search engines not to reveal that information.
Cutwater Asset Management's bond records were built on a wonky server that let anyone in - even search engine robots. Worse than the bank accounts, routing numbers and SSNs that were leaked is the fact that one of the sites that you could find on Google was one that gave you administrator-level access to data.
That means that a criminal ahead of the curve could have gotten access to way more information than was ever available on Google.
With the massive number of data breaches that have been occurring lately, you might be feeling a little hopeless about keeping your personal information safe online. JPMorgan was hacked, Yahoo confirmed a breach and now the largest bond insurer couldn't be bothered to make sure that its clients were secure.
So what can you do to stay safe?
Look for the company that has an active interest in checking and re-checking its security protocols. Always check the blog of any financial institution to work with when buying bonds, stocks or other potential investments for your nest egg.
Even if a company gives you the best returns you could ask for, it's still not worth having your identity stolen because a server administrator didn't work hard enough.