ADVERTISEMENT

OCR Labs exposes its systems, jeopardizing major banking clients

A digital identification tool used by major banks and government agencies leaked sensitive credentials, putting clients at severe risk.

OCR Lab's data leak

Image by Cybernews

Paulina Okunytė
Paulina Okunytė Senior Journalist
Apr 4, 2023 Updated: 20 April 2023 4 min read
  • London-based OCR Labs is a major provider of digital ID verification tools. Its services are used by companies and financial institutions including BMW, Vodafone, the Australian government, Westpac, ANZ, HSBC, and Virgin Money.
  • A misconfiguration of the company’s systems exposed sensitive credentials to the public.
  • Data leak affected QBANK, Defence Bank, Bloom Money, Admiral Money, MA Money, and Reed.
  • Using leaked data, threat actors could potentially breach banks’ backend infrastructure and consequently the infrastructure of their clients.
  • Financial services are the main target for cybercriminals, so the threat for the organizations and their customers is severe.
  • Cybernews contacted OCR Labs, and the company fixed the issue.

A treasure trove of credentials

Leaked credentials for Defence Bank | Image by Cybernews
Leaked credentials for Defence Bank | Image by Cybernews

Financial data at risk

ADVERTISEMENT

Wide range of attacks

OCR Labs’ response

Staying safe

ADVERTISEMENT