Hundreds of Banks Exposed from Fiserv Flaw
Hundreds of Banks Exposed from Fiserv Flaw: A flaw that was in the web platform of Fiserv Inc., a technology service provider for financial institutions, reportedly exposed the personal and financial account information on hundreds of bank websites, according to KrebsonSecurity.
Security researcher Kristian Erik Hermansen who contacted Kerbs two weeks before to report that “he’d discovered something curious while logged in to an account at a tiny local bank that uses Fiserv’s platform.” Shortly thereafter, KrebsonSecurity then contacted Fiserv, who explained that had been an issue in “a messaging solution available o a subset of online banking clients.”
While Fiserv who declined to say exactly how many financial institutions might have been impacted overall, there are around 1,700 banks that are currently using the Fiserv’s banking platform.
“Fiserv places a high priority on security, and we have responded accordingly,” a Fiserv spokesperson told Krebs.
“After receiving your email, we promptly engaged appropriate resources and worked around the clock to research and remediate the situation. We developed a security patch within 24 hours of receiving the notification and deployed the patch to clients that utilize a hosted version of the solution. We will be deploying the patch this evening to clients that utilize an in-house version of solution.”
Fiserv is for sure the critical financial services vendors for banks around the globe. “A breach or data leak such as this could have a huge impact on not only the financial system in the US but globally as well,” said Jake Olcott, VP of the strategic partnership at BitSight Technologies.
“Hundreds of banks that leverage its solutions were impacted by this breach, demonstrating firsthand the imperative need for financial services companies to keep a close eye on the third-party vendors that have access to their data and customer information,” Olcott continued.
“At a higher level, financial services companies need to make sure they are having continuous, data-driven conversations with their vendors about the security efforts and procedures, Fostering a more collaborative approach to security can unite businesses and their vendors in the war against an increasingly volatile threat landscape and help safeguard all parties from leaks and breaches.”