American online brokerage Scottrade says a mistake by third party vendor Genpact resulted in the sensitive information of around 20,000 customers being left exposed.
BPO outfit Genpact uploaded a dataset containing commercial loan application information from a B2B unit within Scottrade Bank to one of its cloud servers that did not have all the security protocols in place.
This meant that the information could be extracted by anyone, which is what happened. Fortunately, the person who found the data was security researcher Chris Vickery, who contacted Scottrade.
Scottrade says that Genpact secured the information after being informed of the problem and is now analysing log files to see to what extent the data may have been accessed.
"Genpact works exclusively with the B2B bank unit and has no access to any other information at our firm," stresses a statement, adding that it is "important to note that we hold all of our third-party vendors to rigorous information security standards".