A data leak from the Municipal Bond Insurance Association has exposed a large amount of customer information including account numbers, balances and account holder names, according to the blog KrebsOnSecurity.
The leak was caused by a misconfigured Oracle Reports database server, KrebsOnSecurity blogger Brian Krebs wrote. Instead of being accessible only to authorized users, the information was exposed on the Web, including some that had already been indexed by search engines.
MBIA, a company in Purchase, New York, that insures bonds and provides asset management advisory services, said it has taken the affected server offline.
“We have been notified that certain information related to clients of MBIA’s asset management subsidiary, Cutwater Asset Management, may have been illegally accessed. We are conducting a thorough investigation and will take all measures necessary to protect our customers’ data, secure our systems, and preserve evidence for law enforcement,” MBIA spokesman Kevin Brown said in a prepared statement.
Security researcher Bryan Seely of Seely Security discovered the data using a search engine, and the exposed data included information about the accounts of several public investment pools, the blog said.
MBIA has annual revenue of US$1.64 billion, according to Yahoo Finance.