TCM Bank announced that a Web site misconfiguration exposed applicant data for 16 months
TCM Bank, a subsidiary of ICBA Bancard, issues credit cards for more than 750 small and community U.S. banks who prefer not to issue cards themselves. TCM announced the a web site misconfiguration exposed applicant data for 16 months, between early March 2017 and mid-July 2018. Exposed data includes names, addresses, dates of birth and Social Security numbers.
The number of affected customers was less than 10,000, which is less than 25% of the applications processed during that time period, and less than 1% of the TCM cardholder base.
The breach was reportedly discovered on July 16, 2018, then fixed the following day.
Read more about it here.