Data Breaches at Check24 and Verivox Expose Sensitive Customer Information

by delta

Significant security flaws at two prominent comparison websites in Germany, Check24 and Verivox, have exposed sensitive customer data, including income details and loan agreements, to the open internet. The Chaos Computer Club (CCC) and an independent IT expert were instrumental in uncovering these breaches, potentially preventing more serious consequences. The exposed information could have been easily accessed by criminals, posing a substantial risk to users’ privacy and financial security.

Discovery of the Data Leaks

The Chaos Computer Club revealed that both Check24 and Verivox, two of the largest loan comparison platforms in Germany, suffered from severe data security issues. During the breach, users’ loan contracts, along with private details such as income statements and bank account numbers, were freely accessible online. CCC spokesperson Matthias Marx explained the extent of the exposure in an interview with Correctiv: “Anyone could see where the users live, how many children they have, where they work, what they earn, and how much they currently owe on loans.”

Verivox’s Response

Verivox responded quickly once notified by the CCC, closing the data leak immediately. The company claimed there was no unauthorized access to customer data, except by the whistleblower who reported the breach. “We believe no harm has come to our customers,” Verivox stated. The incident is now under investigation by the data protection authority in Baden-Württemberg.

Check24’s Response

Check24 was slower to respond, initially leaving inquiries unanswered. However, it later confirmed that the breach had been fixed and reported no evidence of unauthorized access. The company has since retrained its staff to prevent future incidents.

Whistleblower Calls Out Negligent Handling of Customer Data

The IT expert who uncovered the vulnerabilities first identified issues with Check24 in July, prompting them to investigate Verivox as well, where they found similar flaws. These security holes were so fundamental that the whistleblower described them as glaring oversights. “It’s almost misleading to call these ‘security gaps’ because the data was essentially available to anyone with an internet connection,” the whistleblower told Correctiv.

Deeper Issues at Check24

Check24 was found to have an additional, more complex vulnerability. With some technical expertise, attackers could access a second layer of customer data, which included download links to PDF files with sensitive loan offers from banks. The exposed information contained full names, gender, phone numbers, email addresses, birth dates, nationality, employment status, length of employment, household income, details about existing loans, rental status, number of children, vehicle ownership, as well as specific loan terms and bank account details, including IBANs.

The Extent of the Breach Remains Unclear

How Long Were Users at Risk?

While the CCC notified both companies and steps have been taken to secure the data, it remains unclear how long these vulnerabilities were present or how many users were impacted. According to Correctiv, up to 75,000 Verivox customers may have had their data exposed. Despite this, experts believe there is no evidence that the information was widely disseminated, sold, or used for criminal activities.

This incident highlights a severe lapse in the data security protocols of Check24 and Verivox, exposing users’ sensitive financial and personal information to the internet. While both companies have addressed the vulnerabilities, the breach underscores the need for more stringent cybersecurity measures to protect customer data and maintain trust. The swift actions by the CCC and the whistleblower prevented further exploitation, but the incident serves as a stark reminder of the potential risks posed by weak online security.


DELTA Data Protection & Compliance, Inc. Academy & Consulting – The DELTA NEWS – Visit: delta-compliance.com
