• Menu
  • Skip to main content
  • Skip to primary sidebar

The Cyber Security News

Latest Cyber Security News

Header Right

  • Latest News
  • Vulnerabilities
  • Cloud Services
Cyber Security News

Thousands of Borrowers’ Data Exposed from ENCollect Debt Collection Service

You are here: Home / General Cyber Security News / Thousands of Borrowers’ Data Exposed from ENCollect Debt Collection Service
May 5, 2022

ENCollect Debt Collection Service

An ElasticSearch server occasion that was remaining open up on the Internet without having a password contained sensitive economic information and facts about financial loans from Indian and African fiscal providers.

The leak, which was found out by scientists from data security firm UpGuard, amounted to 5.8GB and consisted of a full of 1,686,363 documents.

✔ Approved Seller From Our Partners
Malwarebytes Premium 2022

Protect yourself against all threads using Malwarebytes. Get Malwarebytes Premium with 60% discount from a Malwarebytes official seller SerialCart® (Limited Offer).

➤ Activate Your Coupon Code


“Those people data involved own details like name, financial loan sum, date of birth, account selection, and additional,” UpGuard mentioned in a report shared with The Hacker Information. “A complete of 48,043 exceptional email addresses were being in the selection, some of which were for the solution administrators, corporate customers, and selection agents assigned to just about every case.”

The uncovered instance, utilized as information storage for a credit card debt selection platform referred to as ENCollect, was detected on February 16, 2022. The leaky server has considering the fact that been rendered non-available to the public as of February 28 next intervention from the Indian Computer system Crisis Reaction Staff crew (CERT-In).

ENCollect is billed as the “world’s finest collector’s app,” letting assortment brokers to monitor personal loan payments, initiate lawful steps as effectively as offer you approaches for delinquency administration, settlements, and repossession.

ENCollect Debt Collection Service

UpGuard mentioned the financial loans originated from lending expert services these types of as Lendingkart, IndiaLends, Shubh Loans (MyShubhLife), Centrum, Rosabo, and Accion, with the leaked info also incorporating particular details associated with the borrowers.

Also, the dataset encompassed 114,747 mailing addresses, 105,974 phone quantities, and 157,403 personal loan quantities. A subset of these information also exposed additional information this kind of as speak to information of co-candidates, family users, and other individual references.

“Some data contained overdue amounts, the type and duration of the mortgage, and internal notes still left by collection company team regarding financial loan repayments,” UpGuard stated.

Despite the fact that the misconfigured server has been secured, there are generally probabilities that any one with destructive intent may possibly probable use the information to goal buyers as section of frauds or extortion techniques and even masquerade as mortgage collectors to focus on borrowers.

“The digitization of economic products and services supplies a lot of chances for efficiencies in procedures like debt selection, but also generates unanticipated hazards in the supply chain,” the researchers mentioned. “Vendor remedies also generate the risk for multiparty exposures when their details sets are sourced from quite a few customers, as in this scenario.”

Located this post interesting? Comply with THN on Facebook, Twitter  and LinkedIn to examine a lot more exclusive material we post.


Some areas of this report are sourced from:
thehackernews.com

Previous Post: «Cyber Security News South Korea Admitted to NATO Cyber Defense Center

Reader Interactions

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Primary Sidebar

Report This Article

Recent Posts

  • Thousands of Borrowers’ Data Exposed from ENCollect Debt Collection Service
  • South Korea Admitted to NATO Cyber Defense Center
  • NHS Inboxes Hijacked to Send 1000+ Malicious Emails
  • FBI: Thailand and Hong Kong Banks Used Most in BEC
  • GitHub to introduce two-factor authentication by 2023
  • Cisco Issues Patches for 3 New Flaws Affecting Enterprise NFVIS Software
  • F5 Warns of a New Critical BIG-IP Remote Code Execution Vulnerability
  • Groundbreaking Cybersecurity Book Published
  • SIM Fraud Solution Sparks Privacy Fears
  • HHS Information Security Program ‘Not Effective’

Copyright © TheCyberSecurity.News, All Rights Reserved.