Security Market Segment LS
Friday, 01 December 2017 10:43

Credit repair service leaks data of about 40,000 Americans


The personal and financial data of about 40,000 Americans has leaked on the Web via an unsecured Amazon Web Services S3 bucket, the security firm UpGuard reports.

The data, from the Tampa-based credit repair service National Credit Federation, included customer names, addresses, dates of birth, driver’s licence and Social Security card images, credit reports from all three major agencies, personalised credit blueprints containing detailed financial histories, and full credit card and bank account numbers.

UpGuard's director of Cyber Risk Research, Chris Vickery, found the data on 23 October, a total of 47,000 files, mostly PDF and text documents.

There were three general kinds of documents found: documents submitted by customers with personal and financial details, “personalised credit blueprints” and videos created by NCF for their customers, and customer credit reports from Equifax, Experian, and TransUnion – the “big three” credit reporting agencies.

A leak at Equifax revealed the details of 143 million Americans in July. The leak was reported only in September.

An UpGuard blog post said the personal documents submitted by NCF customers were "expansive and highly sensitive; their exposure left tens of thousands of individuals entirely compromised against the threats of identity theft and financial attack. Photographs and scans of customers’ driver’s licences, as well as completed forms and documents, provide sensitive personal details such as full names, dates of birth, addresses, and financial histories".

The available data could easily be used for identity theft and compromise of personal finance histories of the people involved, UpGuard said.

Apart from this data, video files within the repository depicted NCF employee computer desktops, which had been recorded using a screenlogging program, as an employee accesses customer records and explains the significance.

"The videos appear to be specially made for individual customers, and are rife with the depiction of personally identifying information," UpGuard added.

In the past, UpGuard has found misconfigured Amazon Web Services S3 buckets leaking data from the NSA, the Pentagon, global corporate consulting and management firm Accenture, publisher Dow Jones, a Chicago voter database, a North Carolina security firm, and a contractor for the US National Republican Committee.


You cannot afford to miss this Dell Webinar.

With Windows 7 support ending 14th January 2020, its time to start looking at your options.

This can have significant impacts on your organisation but also presents organisations with an opportunity to fundamentally rethink the way users work.

The Details

When: Thursday, September 26, 2019
Presenter: Dell Technologies
Location: Your Computer


QLD, VIC, NSW, ACT & TAS: 11:00 am
SA, NT: 10:30 am
WA: 9:00 am NZ: 1:00 pm

Register and find out all the details you need to know below.



iTWire can help you promote your company, services, and products.


Advertise on the iTWire News Site / Website

Advertise in the iTWire UPDATE / Newsletter

Promote your message via iTWire Sponsored Content/News

Guest Opinion for Home Page exposure

Contact Andrew on 0412 390 000 or email [email protected]


Sam Varghese

website statistics

Sam Varghese has been writing for iTWire since 2006, a year after the site came into existence. For nearly a decade thereafter, he wrote mostly about free and open source software, based on his own use of this genre of software. Since May 2016, he has been writing across many areas of technology. He has been a journalist for nearly 40 years in India (Indian Express and Deccan Herald), the UAE (Khaleej Times) and Australia (Daily Commercial News (now defunct) and The Age). His personal blog is titled Irregular Expression.



Recent Comments