EasyDraft, which processes payments for Bright Horizons Family Solutions, recently began notifying an undisclosed number of current and former Bright Horizons customers that their names, bank routing numbers and bank account numbers were mistakenly made available online (h/t DataBreaches.net).
According to the notification letter [PDF], Bright Horizons learned on January 8, 2014 that one of EasyDraft’s internal Web sites was accessible online, and informed EasyDraft of the issue.
The Web site in question was then shut down, and an investigation determined that the Web server storing the files had been misconfigured since October 8, 2012, “resulting in a lack of proper secure authentication requirements,” according to EasyDraft.
In a statement [PDF] provided to the Maryland Attorney General’s Office, David F. Katz of Nelson Mullins Riley & Scarborough LLP explained on EasyDraft’s behalf, “Since the incident, EasyDraft has added additional monitoring on its production Web servers using SilverSky, a cloud monitoring and security provider. EasyDraft has also engaged an independent digital risk management firm to conduct a third-party review of the matter to fully understand this incident and to provide immediate recommendations to further secure information in EasyDraft’s environment.”
All those affected are being offered one free year of identity monitoring services from Kroll.