Home Security Credit repair service leaks data of about 40,000 Americans

The personal and financial data of about 40,000 Americans has leaked on the Web via an unsecured Amazon Web Services S3 bucket, the security firm UpGuard reports.

The data, from the Tampa-based credit repair service National Credit Federation, included customer names, addresses, dates of birth, driver’s licence and Social Security card images, credit reports from all three major agencies, personalised credit blueprints containing detailed financial histories, and full credit card and bank account numbers.

UpGuard's director of Cyber Risk Research, Chris Vickery, found the data on 23 October, a total of 47,000 files, mostly PDF and text documents.

There were three general kinds of documents found: documents submitted by customers with personal and financial details, “personalised credit blueprints” and videos created by NCF for their customers, and customer credit reports from Equifax, Experian, and TransUnion – the “big three” credit reporting agencies.

A leak at Equifax revealed the details of 143 million Americans in July. The leak was reported only in September.

An UpGuard blog post said the personal documents submitted by NCF customers were "expansive and highly sensitive; their exposure left tens of thousands of individuals entirely compromised against the threats of identity theft and financial attack. Photographs and scans of customers’ driver’s licences, as well as completed forms and documents, provide sensitive personal details such as full names, dates of birth, addresses, and financial histories".

The available data could easily be used for identity theft and compromise of personal finance histories of the people involved, UpGuard said.

Apart from this data, video files within the repository depicted NCF employee computer desktops, which had been recorded using a screenlogging program, as an employee accesses customer records and explains the significance.

"The videos appear to be specially made for individual customers, and are rife with the depiction of personally identifying information," UpGuard added.

In the past, UpGuard has found misconfigured Amazon Web Services S3 buckets leaking data from the NSA, the Pentagon, global corporate consulting and management firm Accenture, publisher Dow Jones, a Chicago voter database, a North Carolina security firm, and a contractor for the US National Republican Committee.


With 4 keynotes + 33 talks + 10 in-depth workshops from world-class speakers, YOW! is your chance to learn more about the latest software trends, practices and technologies and interact with many of the people who created them.

Speakers this year include Anita Sengupta (Rocket Scientist and Sr. VP Engineering at Hyperloop One), Brendan Gregg (Sr. Performance Architect Netflix), Jessica Kerr (Developer, Speaker, Writer and Lead Engineer at Atomist) and Kent Beck (Author Extreme Programming, Test Driven Development).

YOW! 2018 is a great place to network with the best and brightest software developers in Australia. You’ll be amazed by the great ideas (and perhaps great talent) you’ll take back to the office!

Register now for YOW! Conference

· Sydney 29-30 November
· Brisbane 3-4 December
· Melbourne 6-7 December

Register now for YOW! Workshops

· Sydney 27-28 November
· Melbourne 4-5 December



Australia is a cyber espionage hot spot.

As we automate, script and move to the cloud, more and more businesses are reliant on infrastructure that has the high potential to be exposed to risk.

It only takes one awry email to expose an accounts’ payable process, and for cyber attackers to cost a business thousands of dollars.

In the free white paper ‘6 Steps to Improve your Business Cyber Security’ you’ll learn some simple steps you should be taking to prevent devastating and malicious cyber attacks from destroying your business.

Cyber security can no longer be ignored, in this white paper you’ll learn:

· How does business security get breached?
· What can it cost to get it wrong?
· 6 actionable tips


Sam Varghese

website statistics

Sam Varghese has been writing for iTWire since 2006, a year after the sitecame into existence. For nearly a decade thereafter, he wrote mostly about free and open source software, based on his own use of this genre of software. Since May 2016, he has been writing across many areas of technology. He has been a journalist for nearly 40 years in India (Indian Express and Deccan Herald), the UAE (Khaleej Times) and Australia (Daily Commercial News (now defunct) and The Age). His personal blog is titled Irregular Expression.


Popular News




Sponsored News