Skip to Content
Security & privacy

Millions of loan and mortgage records exposed in another massive data breach

Another day, another massive data leak from an unsecured server. It’s alarming that these types of data breaches are becoming more common lately.

In the past few weeks, we’ve seen servers expose personal information and even government data, not because of any hacking attempts, mind you, but due to poor security practices.

As proven in the past quite too often, companies who fail to secure their websites and databases properly could be leaking your information in the open, too. And the worse part is this – not even the best security precautions can protect you from these data breaches!

Read on and learn about the latest massive data breach caused by another unsecured server. Aside from identity fraud and scams, this one could put your mortgages, loans and home titles at risk!

Ascension data breach

Around 24 million financial and banking documents have been left exposed online yet again due to a misconfigured server.

According to a report from Techcrunch, the database was sitting on an unprotected server running an Elasticsearch database. And similar to other data breaches of this type, the database was not protected by any password, allowing anyone to view and access the treasure trove of information.

Fun fact: Elasticsearch is a free database search engine popular with cloud services such as Amazon Web Services.

Based on Techcrunch’s findings, the breach can be traced back to Ascension, a data and analytics firm based in Fort Worth, Texas.

The exposed data was discovered by security researcher Bob Diachenko on Jan. 10 via public search engines like Shodan. Thanks to Diachenko’s report, it is believed that the data was exposed for only weeks until was finally shut down on Jan. 15.

Fun fact: Shodan is a free search engine tool used for tracking exposed ports, databases and vulnerable web-connected appliances. 

What was exposed?

The leaked information from the Ascension leak includes documents that are related to loan and mortgage records from a number of major banking institutions including CitiFinancial, HSBC Life Insurance, Wells Fargo, CapitalOne and even U.S. federal agencies like the Department of Housing and Urban Development.

Aside from these sensitive documents, the leak also exposed personal information including:

  • Names
  • Addresses
  • Birth dates
  • Social Security numbers
  • Bank account numbers
  • Checking account numbers
  • Loan agreements
  • Bankruptcy filings
  • Tax documents (including W-2 tax forms)

Currently, the actual number of people affected by this data breach is still unclear and it is unknown if the information was accessed by hackers.

Judging by the number of data points and the nature of the information exposed, if cybercriminals got hold of the data, they will have a field day harvesting the information to facilitate all sorts of scams like identity and financial fraud.

What to do after a data breach?

Exposed databases are nothing new and they seem to occur on a regular basis. Needless to say, if the information gets into the hands of scammers, it could lead to all kinds of malicious activity.

To protect yourself from the inevitable fallout, here are some suggestions:

  • Beware of phishing scams – Scammers will try and piggyback on huge breaches like this. They will create phishing emails, pretending to be the affected company, hoping to get victims to click on malicious links that could lead to more problems. Take our phishing IQ test to see if you can spot a fake email.
  • Keep an eye on your bank accounts – You should be frequently checking your bank statements, looking for suspicious activity. If you see anything that seems strange, report it immediately.
  • Check your online accounts  Have I Been Pwned is an easy-to-use site with a database of information that hackers and malicious programs have released publicly. It monitors hacker sites and collects new data every five to 10 minutes about the latest hacks and exposures.
  • Get a credit freeze – If you think that your identity has already compromised, put a credit freeze on your accounts as soon as you can.
  • Have strong security software – Protecting your gadgets with strong security software is important. It’s the best defense against digital threats.

Bonus: Get home title protection

No identity theft protection, homeowner’s insurance or bank protects you. For pennies a day, our sponsor Home Title Lock does. The instant they detect anyone tampering with your title, they’re on it. You need to check right now to see if you’re already a victim. 

Go to and register for your free title scan and report. That’s a $100 value – free. Go to

Refer friends, earn rewards

Share your source of digital lifestyle news, tips and advice with friends and family, and you'll be on your way to earning awesome rewards!

Get started