Bond insurer MBIA investigating data breach

The largest bond insurer in the US is the victim of a cyber breach that may have exposed large quantities of client data.

“We have been notified that certain information related to clients of MBIA’s asset management subsidiary, Cutwater Asset Management, may have been illegally accessed,” said Kevin Brown, spokesman for MBIA in a an email to Advisen. “We are conducting a thorough investigation and will take all measures necessary to protect our customers’ data, secure our systems, and preserve evidence for law enforcement.”

MBIA Inc.’s subsidiaries provide financial guarantee insurance, as well as related reinsurance, advisory and portfolio services, for the public and structured finance markets, and asset management advisory services.

Brian Krebs, the journalist behind the blog Krebs on Security, said on Monday he informed MBIA that “a misconfiguration in a company Web server had exposed countless customer account numbers, balances and other sensitive data.”

Cutwater’s website says it is an investment advisor focused exclusively on fixed income investments. It counts state and local governments, financial institutions, pension funds, unions, insurance companies, corporations and consultants as clients.

A source quoted by Reuters — apparently the man who contacted Krebs — tried to inform MBIA of the breach before the end of September. According to them, the data exposed in the breach included user names and passwords and “would have allowed hackers to add users to clients’ accounts, effectively giving them access to billions of dollars in those accounts.”