BPO company Genpact uploaded a dataset containing commercial loan application information from a B2B unit within Scottrade Bank to one of its cloud servers which did not have all the security protocols in place.

This meant that the information could be extracted by anyone, which happened. Fortunately, the person who found the data was security researcher Chris Vickery, who contacted Scottrade.

Large fully loaded MSSQL database. It’s as bad as I expected. Bank related. Clear passwords. Big name company. I contacted them.

— Chris Vickery (@VickerySec) April 1, 2017

Scottrade says Genpact secured the information after being notified of the issue and is currently analyzing log files to see how much of the data could be accessed.

“Genpact works exclusively with the B2B banking unit and does not have access to any other information of our company,” said a press release, adding that it is “important to note that we subject all our third-party suppliers to rigorous security standards. some information”. .