A recent data breach was discovered by cybersecurity researcher, Jeremiah Fowler, revealing a non-password protected database with an estimated one million PDF documents that contained sensitive personal and financial information.
The documents were invoices from individuals and businesses who had used NorthOne Bank, a financial technology company, to pay for services or products. The invoices contained names, email addresses, physical addresses, phone numbers, tax ID numbers and more. Although it is unclear how long the database had been exposed, the breach occurred before January 19th 2023 and was resolved on January 31st, 2023. The database was unsecured, allowing anyone with the URL to see or download the PDFs.
Although NorthOne Bank stated that the issue had been resolved, it remains unclear who else may have accessed the information prior to its discovery.
Small businesses are particularly vulnerable to business identity theft, as they have fewer resources to detect and respond to security incidents. The exposure of tax information could lead to fraudulent federal tax returns and the filing of loans or credit accounts, leaving businesses accountable for the repayment of the debts.
Criminals could use the information to establish a position of trust and contact customers requesting payment.
According to the Verizon Business 2020 Data Breach Investigations Report, nearly 90% of data breach-related crimes were financially motivated or aimed at financial gain. Cybercriminals can use different methods, including extorting money, social engineering to obtain payment and personal data, or selling acquired data.
NorthOne’s app is designed to work with all payment processing systems and has several integration options, including Airbnb, Cash App, Lyft, PayPal, Quickbooks, Shopify, Square, Stripe, Uber, Venmo, Wave, and more.
Finally, NorthOne has raised significant capital of $90.3 million USD in funding over five rounds from various investors. These include Battery Ventures, Drew Brees, FinTLV, Kaiser Permanente, Next Play Capital, Redpoint Ventures, Tencent, and Tom Williams, among others.
It is worth noting that this information is provided for context only and is not intended to imply any connection between NorthOne’s investors and the potential data exposure situation.
