Another day, another breach, this time we are talking about the TCM Bank data breach that reportedly leaked data of applicants for over a year. TCM Bank is a credit card issuer firm helping community banks in providing credit cards to their respective account holders.
TCM Bank Data Breach Exposed Applicant Details For 16 Months
As disclosed yesterday by KrebsOnSecurity, the US-based financial institution TCM Bank reportedly exposed applicants’ data for over a year. The data was leaked online around 16 months ago. The news broke online on Friday after the bank disclosed the data breach in emails sent to customers.
According to the information disclosed by TCM Bank, the data breach did not affect the bank’s website. Instead, the breach occurred on a third-party website which allegedly contained card details of customers as uploaded over there.
Reportedly, TCM noticed the data breach on July 16, 2018, after which they resolved the matter within a day.
TCM Bank is an ICBA Bancard Inc., which is based in Washington D.C. TCM collaborates with more than 750 financial institutions in the USA for issuing credit cards to over 300,000 customers.
“25% Of Applicants Affected,” Says Radke
Talking about the breach, Bruce Radke, Attorney at ICBA, explained that the breach supposedly affected less than 25% of the applicants, which equates to around 10,000 customers.
“It was less than 25 percent of the applications we processed during the relevant time period that were potentially affected, and less than one percent of our cardholder base was affected here.”
Radke further confirmed that TCM has rectified the issue.
“We have since confirmed the issue has been corrected, and we are requiring the vendor to look at their technologies and procedures to detect and prevent similar issues going forward.”
Nonetheless, Radke did not disclose the source vendor’s name that suffered data breach due to contractual restrictions with TCM.
Not to forget how Jersey Mike’s Subs notified its customers about a similar data breach at some third party website. That time too, that third-party vendor’s name remain hidden.