Hundreds of Banks Exposed from Fiserv Flaw

A flaw in the web platform of Fiserv Inc., a technology services provider for financial institutions, reportedly exposed personal and financial account information on hundreds of bank websites, according to KrebsonSecurity. Security researcher Kristian Erik Hermansen contacted Krebs two weeks ago to report that “he’d discovered something curious while logged in to an account at a tiny local bank that uses Fiserv’s platform.” Shortly thereafter, KrebsonSecurity contacted Fiserv, which explained that there had been an issue in “a messaging solution available to a subset of online banking clients.” While Fiserv declined to say exactly how many financial institutions may have been impacted overall, there are reportedly 1,700 banks currently using Fiserv’s banking platform. “Fiserv places a high priority on security, and we have responded accordingly,” a Fiserv spokesperson told Krebs.