- TCM Bank hit by credit card data breach for 16 months
- Around 10K victims who applied between early March ‘17 to mid-July ‘18 are the victims
- Website misconfiguration has led to this breach
- Information leaked include applicants’ names, addresses, DOBs and social security numbers.
The TCM Bank, a limited-purpose credit card bank wholly owned by ICBA Bancard, revealed recently that a website misconfiguration by the third party has leaked personal information of credit card applicants for 16 months.
The victims are those who have applied in between March 2017 – July 2018, which is the time period the breach had hit the bank. The breach has exposed the applicants’ names, addresses, DOBs and social security numbers.
The website is outsourced and is managed by a third party vendor. The company was aware about the attack on 16 July 2018 and they made it a point to resolve the issue the following day.
The data revealed that only less than 10,000 applicants were victims among the whole of the applicants, according to attorney Bruce Radke, who assists TCM Bank with its breach outreach efforts.
“It was less than 25% of the applications we processed during the relevant time period that were potentially affected, and less than one percent of our cardholder base was affected here. We’ve since confirmed the issue has been corrected, and we’re requiring the vendor to look at their technologies and procedures to detect and prevent similar issues going forward,” said Radke.
TCM Bank is a limited-purpose credit card bank wholly owned by ICBA Bancard. Through its Total Card Management program, TCM Bank helps community banks provide a credit card option to their customers using branded cards while limiting their expenses and exposure to risk. TCM offers consumer and small business agent credit card options that are supported by a dedicated client services team, staff training, promotions and branded marketing materials.
Business firms have to carefully ensure the level of security measures implemented by their partners to avoid similar incidents. Incidents like these from third-party partners can have a significant impact on the firm’s operations.