Personal data compromised through API vulnerability

The personal data of consumers who requested a loan and/or credit card from the now liquidated Binbank may have been compromised. The compromised data includes names, passport data, phone numbers and addresses. The data was compromised due to a vulnerability in an API mechanism. Moreover, it is possible that a similar vulnerability exists in the APIs of other banks as well. It remains unknown exactly how much personal data is at risk or has been obtained by unauthorized parties.

Experts point out that such a leak is not an isolated case. There was a similar instance in 2015, when St. Petersburg Bank was attacked. The attack, which saw customer data exposed, prompted the bank to review its security measures. It will be important for banks moving forward to balance the need to get consumers products and services quickly and easily with the need to ensure their data is secured if consumers are to continue to trust banks with their most vital information.