
Collection Security leak reveals data from over 33,000 debtors

Wednesday, December 27th, 2017 | bitcoin updates

          
    
    
    
The Swiss branch of the Eos collection group has let large amounts of sensitive debtor data fall into unauthorized hands. Names, addresses, amounts of debt and even medical records were accessible through the data leak.
            

        

The interconnection of companies in claims management means that emerging security vulnerabilities can have a mass effect. This is what happened to the Swiss branch of the Eos Group, which belongs to the Otto Trading Group and claims to be one of the largest financial service providers in Europe.
As a result of a serious data leak at Eos, around three GB of sensitive debtor data has reached unauthorized hands. The Süddeutsche Zeitung (sz) reports this today in its online edition. According to the report, an informant leaked the data to the editors in early April of this year. It comprises more than 33,000 files with sometimes extremely sensitive data from debtors, but also from creditors. The data in the datasets cover periods up to the year 2002.
The disclosed data includes names, registered addresses and the amounts of the claims being asserted. Most of the persons concerned are based in Switzerland.
Explosive and illegal

The "sz" describes as particularly explosive a folder called "Uploads", which belongs to the data package and apparently contains information sent by clients to the collection agency. Physicians are said to have uploaded entire medical records of those affected, which include information on pre-existing conditions and treatment details. In addition, scanned passports, extensive credit card statements, postal correspondence and private telephone numbers were reportedly found. All this, according to the "sz", allows very extensive conclusions to be drawn about the lives of the debtors. It was this sensitive data in particular that is said to have motivated the whistleblower to turn to the "sz".
Service providers like Eos live off collecting debts on behalf of creditors. Businesses, government agencies, doctors and other billers mandate the collection service provider to send reminders and, if necessary, initiate foreclosures. The provider takes over unpaid bills and then contacts the debtor directly. The Eos Group comprises 55 individual companies in a total of 26 countries. Its turnover exceeded 600 million euros last year.
As it turns out, the data stored by Eos includes much more than what is usually necessary for claims management. Even under Swiss law, the unauthorized transmission of such sensitive data is punishable.
The head office of the Eos Group is located in Hamburg, although the data leak apparently affects only customers of the Swiss branch. In Germany, companies are required to destroy intimate patient information transmitted by doctors without permission. But in Switzerland, too, the law requires that all unnecessary information about debtors be deleted or blocked immediately.
Hacker attack on web server

The "sz" reports that its editors made Eos aware of the disclosed data. The company then promised a "comprehensive review of the processes". In addition, Eos has now informed the Swiss authorities and the company's customers.
Apparently, a targeted hacker attack in early April triggered the data leak. The attackers exploited a vulnerability in the Apache Struts web server framework. It is the same vulnerability that also served as the attackers' gateway in the Equifax data theft in September 2017.
According to Eos, signs of hacker activity were noticed in the spring, but an attack could not be verified. The affected server is said to have then been set up completely from scratch. According to the information provided by the "sz", a new system analysis is to be carried out. According to Eos, it is still unclear whether the data leak is actually based on an external attack or whether someone with access privileges enabled the unauthorized access.

(PSZ)

      
