TCM Bank Announces Data Exposure

The credit card issuer pointed to a glitch on its website that made thousands of names, addresses, birthdates and Social Security numbers vulnerable.

August 08, 2018

WASHINGTON – TCM Bank, which assists more than 750 small and community banks that offer credit cards to customers, has announced a data breach, KrebsonSecurity.com reports. The bank indicated that a website misconfiguration exposed thousands of names, addresses, birthdates and Social Security numbers from card applications made between March 2017 and July 2018.

A subsidiary of ICBA Bancard Inc., TCM Bank attributed the breach to a third-party vendor that managed card application data submitted online. The bank said the problem had been corrected with a day of learning about the breach.

“It was less than 25% of the applications we processed during the relevant time period that were potentially affected, and less than 1% of our cardholder base was affected here,” said Bruce Radke, an attorney for TCM working on customer outreach related to the breach. “We’ve since confirmed the issue has been corrected, and we’re requiring the vendor to look at their technologies and procedures to detect and prevent similar issues going forward.”

NACS continues to advocate for data security and breach notification policy that ensures the entity that experiences the breach is responsible for notification.

Advertisement
Advertisement
Advertisement