TCM Bank, a credit card issuer, revealed that misconfiguration of a website led to exposure of personal information of card applicants.
The breach, which occurred between March 2017 and mid-July 2018, revealed names and addresses. In addition, it leaked DOBs and social security numbers that were uploaded onto the website.
Go deeper with GlobalData
TCM Bank outage
The website is managed by a third party vendor. The company learned about the glitch on 16 July 2018 and had the issue resolved the following day.
According to attorney Bruce Radke, who is assisting TCM Bank with its breach outreach efforts, less than 10,000 of the applicants were affected.
“It was less than 25% of the applications we processed during the relevant time period that were potentially affected, and less than one percent of our cardholder base was affected here. We’ve since confirmed the issue has been corrected, and we’re requiring the vendor to look at their technologies and procedures to detect and prevent similar issues going forward,” Radke noted.
TCM Bank enables more than 750 small and community banks to issue credit cards. The company is owned by ICBA Bancard, the payments division of the Independent Community Bankers of America.
