. home.aspx



Third-Party Web Manager Exposes TCM Bank Data

August 06, 2018 / Kacy Zurkus

ICBA Bancard Inc. subsidiary TCM Bank, a company that aids community banks in issuing credit cards to their customers, announced that the personal data of thousands of people who applied for credit cards with their local banks was exposed, according to Brian Krebs. The information that was leaked between early March and mid-July 2018 included the names, addresses, dates of birth and Social Security numbers of thousands of people across the more than 750 community banks that work with TCM Bank. The leak was reportedly discovered on 16 July, then fixed the following day. TCM told KrebsonSecurity that the leak was from one of the third-party vendors that manages its website. As a network of community banks, TCM Bank handles documents filled with personally identifiable information (PII), including credit card applications. In this instance, misconfiguration – a critical application-security risk – resulted in the a leak of customer information. “Vulnerabilities and misco...