EasyDraft Data Breach Exposes Bright Horizons Customers’ Financial Data

eSecurity Planet content and product recommendations are editorially independent. We may make money when you click on links to our partners. Learn More.

EasyDraft, which processes payments for Bright Horizons Family Solutions, recently began notifying an undisclosed number of current and former Bright Horizons customers that their names, bank routing numbers and bank account numbers were mistakenly made available online (h/t DataBreaches.net).

According to the notification letter [PDF], Bright Horizons learned on January 8, 2014 that one of EasyDraft’s internal Web sites was accessible online, and informed EasyDraft of the issue.

The Web site in question was then shut down, and an investigation determined that the Web server storing the files had been misconfigured since October 8, 2012, “resulting in a lack of proper secure authentication requirements,” according to EasyDraft.

In a statement [PDF] provided to the Maryland Attorney General’s Office, David F. Katz of Nelson Mullins Riley & Scarborough LLP explained on EasyDraft’s behalf, “Since the incident, EasyDraft has added additional monitoring on its production Web servers using SilverSky, a cloud monitoring and security provider. EasyDraft has also engaged an independent digital risk management firm to conduct a third-party review of the matter to fully understand this incident and to provide immediate recommendations to further secure information in EasyDraft’s environment.”

All those affected are being offered one free year of identity monitoring services from Kroll.

Get the Free Cybersecurity Newsletter

Strengthen your organization’s IT security defenses by keeping up to date on the latest cybersecurity news, solutions, and best practices. Delivered every Monday, Tuesday and Thursday

Jeff Goldman Avatar

Subscribe to Cybersecurity Insider

Strengthen your organization’s IT security defenses by keeping abreast of the latest cybersecurity news, solutions, and best practices.

Top Cybersecurity Companies

Top 10 Cybersecurity Companies

See full list

Get the Free Newsletter!

Subscribe to Cybersecurity Insider for top news, trends & analysis