Data Breach at Willow Exposes Over 240,000 Customer Records
<
p style=”text-align: justify;”>
A significant data exposure incident involving the Chicago-based financial technology firm Willow has left the personal details of more than 240,000 customers vulnerable. Willow, which offers a service to pay customer bills upfront and allows repayment in installments, reportedly left a large volume of sensitive data accessible online without password protection. The discovery was made by cybersecurity researcher Jeremiah Fowler, who uncovered an unsecured database containing approximately 241,970 files.
The exposed data included customer names, email addresses, phone numbers, transaction details, and partial banking information. Alarmingly, receipts uploaded to the database revealed additional sensitive details, such as partial credit card numbers and home addresses. Fowler also found a T-Mobile bill containing call and text message records, underscoring the severity of the breach. One particularly concerning file contained data on 56,864 individuals categorized as prospects, active customers, or former customers barred from using Willow’s services.
The scale of the exposure raises significant concerns about the risk of identity theft and financial fraud. While there is no evidence yet that the leaked data has been exploited, the breach highlights the potential for phishing scams and social engineering attacks. Fraudsters could use the exposed information to craft convincing schemes, such as fraudulent billing requests or identity verification scams, targeting affected individuals.
Content was cut in order to protect the source.Please visit the source for the rest of the article.