Aven Financial reports Data Breach, Impacting customers' Social Security Numbers
Take action: An excellent example of transparency and good security culture. A vulnerability was detected, quickly remedied and publicly reported because the researcher has accessed real data. The only issue remaining is to avoid using live data on test and development systems.
Learn More
Aven Financial, Inc. reported a data breach disclosing that an unauthorized party gained access to specific information provided to the company
The incident involved a security researcher achievieng an unauthorized access to an in-development storage system containing personal information, through a temporary vulnerability in that system and within 45 minutes reported the issue to Aven Financial.
Aven swiftly eliminated the vulnerability within 45 minutes of being informed. They confirmed that the security researcher was the only one to access the information.
Aven Financial reviewed the compromised files to identify the leaked information and affected consumers, finding that the accessed data varies, including
- names,
- Social Security numbers,
- driver's license numbers,
- addresses.
On July 31, 2023, Aven Financial sent data breach letters to all individuals affected by the incident.
Aven Financial have taken further steps to heighten the security of the information and systems, including the launch of a bug bounty program to continuously identify risks.
Even though the data was accesses was only by a security researcher, Aven is offering ccomplimentary twenty-four month subscription to credit protection service to the impacted individuals.
