The credit data of millions of consumers, including information about fraudulent procedures or personal bankruptcy, was freely available online for several hours over the weekend. Responsible for: A major data leak at Infoscore Consumer Data GmbH (ICD) from Baden-Baden, one of Germany’s most important credit reporting agencies, which belongs to the Experian group of companies. Like Germany’s most famous credit reporting agency, Schuffa, Infoscore evaluates consumers’ solvency.
Advertisement
Media Research: Location data can be used for spying purposesThe data leak was discovered by activist Lilith Wittman. “Over the weekend I gained access to the credit reports of everyone at Experian (formerly Arvato Infoscore) in Germany. This meant I was able to make thousands of inquiries and find out the credit scores for people as well as the negative attributes of the respective people (somewhat regarding fraudulent procedures or personal bankruptcies),” she writes in a linkedin postThe data leak potentially affected several million consumers. Because included in the Infoscore data pool according to the company Nearly 40 million present information on the negative payment behavior of over 7.8 million consumers.
Identification process easily bypassed
According to Wittman, creditworthiness data can be accessed through a portal called “Score Compass” operated by credit broker Smwa. According to the hacker, when registering she was able to easily bypass the identification process by using an ID or bank account and was given “direct access to the person’s score”. He then relatively quickly created a programming interface based on the interval and thus learned more about Arvato’s scorer. For example, she learned, says Wittman, that “if you’re 50 instead of 25, you get 15 more points across the board. If you’re in jail or registered at a shelter for homeless people, You get a very, very bad score based on your address and 11 points more for women”.
Infoscore explained According to a report by tagesschau.deThey were informed about “a suspicious IT security incident at two partner companies” and an investigation was launched. A spokesperson for the company said, “To our current knowledge, these are issues that have not impacted or jeopardized any of Infoscore Consumer Data’s systems.”
Just days earlier, Wittman had learned of a data leak at another credit agency. The activist used a prominent victim to show that the start-up “This is My Data” could relatively easily obtain information about the payment practices of prominent politicians. Last year he claimed to have obtained credential information about former Health Minister Jens Spahn from the Shufa app Bonify. Therefore, Wittmann now comes to this conclusion: “If I get access to data from different credit agencies three times in two years – thanks to absolutely minor security gaps – then one can only conclude that these companies are such The procedures are not suitable for providing sensitive data.”
(AKN)
The US government has called for Google and Chrome to be broken up – and possibly Android too
