Today's massive data breach wasn't caused by hackers. In fact, it was from one simple mistake that made a ton of private investors’ financial information publicly available through Google.
You may have never heard of these company names, Cutwater Asset Management or MBIA Inc., formerly known as the Mutual Bond Insurance Association. But just because you've never heard of them doesn't mean they might not have some of your vital financial information.
And if they do have your financial information, your account numbers, balances, even your address and social security number may have just been leaked to the entire Internet.
MBIA Inc. works with organizations like government agencies, school boards, hospitals, etc., that issue bonds for things like big construction projects. Bonds like these are often bought by investors who want to put their money in a relatively safe place with a predictable rate of return. Its a bit like putting your money in a savings account with a given interest rate - except with a little more risk and a bit higher interest rate
Cutwater Asset Management is an MBIA subsidiary that deals in fixed-income bonds and that's where the leak sprung.
Apparently, Cutwater's records hold a treasure trove of info on people who currently or previously had these bonds. And its this information that was left unsecured on the Internet. Here, according to Brian Krebs in his KrebsOnSecurity blog, is a redacted screen shot of just one of the records.
Want to know the scary part? The leak means that all of these documents were publicly searchable by almost any search engine.
And, according to Krebs, many of these documents included how-to instructions for authorizing new bank accounts for "deposits" that could have gone straight into a crook's wallet.