Bond Insurer Investigating Data Leak
MBIA Says Certain Client Information May Have Been Accessed
Bond insurer MBIA says it's investigating a potential data leak at its asset management subsidiary, Cutwater Asset Management, which may have led to certain client information being illegally accessed.
See Also: Deception-Based Threat Detection: Shifting Power to the Defenders
"We are conducting a thorough investigation and will take all measures necessary to protect our customers' data, secure our systems and preserve evidence for law enforcement," Kevin Brown, an MBIA spokesman, tells Information Security Media Group.
Cutwater Asset Management is an investment adviser with $23 billion in assets under management.
Brown says the affected server has been taken offline, although he didn't confirm how many clients might be impacted by the potential data leak.
Security blogger Brian Krebs first reported on the potential security leak. The vulnerability was discovered by Bryan Seely, an independent security expert, according to news reports.
In a Wall Street Journal interview, Seely said that the issue involves a misconfigured Web server that may have exposed customers' usernames, passwords, account numbers and balances. Google had apparently indexed about 230 pages of account statements, the report says.
MBIA on Oct. 6 announced it was selling Cutwater Holdings to a subsidiary of The Bank of New York Mellon Corp. The sale is expected to close at the beginning of the first quarter of 2015.
