TCM Bank: Credit Card Applicant Details Exposed

TCM bank hacked

TCM Bank reported that a “misconfiguration” in its website exposed dates of birth, names, social security numbers, and addresses of literally thousands of credit card applicants who had applied back in early March of 2017 thru to mid-July of 2018. The company aids over 750 community and small banks with the issuance of credit cards.

A subsidiary of ICBA Bancard Inc., which is based out of Washington D.C., TCM assists community banks with using bank-branded credit cards to provide a credit card option to their customers.

Today, TCM sent letters out to the customers who were affected by the data leak saying that the data that was exposed was information that credit card applicants had uploaded to a third-party vendor’s website. The issue was discovered by TCM back on July 16th, and by the very next day, it had been dealt with.

An attorney named Bruce Radke, who is currently assisting TCM with its breach outreach endeavors, stated that the breach affected around 10,000 applicants. He refused to say who the 3rd-party vendor was, stating that TCM was prohibited from naming it due to contractual reasons.

Radke asserted: “It was less than 25 percent of the applications we processed during the relevant time period that were potentially affected, and less than one percent of our cardholder base was affected here. We’ve since confirmed the issue has been corrected, and we’re requiring the vendor to look at their technologies and procedures to detect and prevent similar issues going forward.”

ICBA Bancard is actually the payments subsidiary of a larger company called Independent Community Bankers of America. Over 5700 financial institutions are represented by ICBA, the company has been pretty outspoken when it comes to retailers being held accountable for credit card data breaches. In 2017, Equifax was sued by ICBA over the enormous data breach the three credit bureaus suffered that exposed the personal data of about 150 million individuals.

Any comments? Please leave them below

Related posts

Water Facilities Must Secure Exposed HMIs – Warns CISA

Microsoft December Patch Tuesday Arrived With 70+ Bug Fixes

NachoVPN Attack Risks Corporate VPN Clients