Kreditech, a consumer finance startup that specialises in lending to “unbanked” consumers with little or no credit rating, is investigating a data breach.
After hackers from the group A4 posted thousands of applicants’ personal and financial records online, Anna Friedrich, head of communications at the Hamburg-based lender, acknowledged that the company had an “isolated internal security incident” in November 2014, and that Hamburg police are investigating.
Friedrich said Kreditech believes the data was stolen not from customers but only from credit applicants. She added that Kreditech believes the information was leaked from within by someone who worked at the company — although she declined to say whether the suspect was a current or former employee.
“There is no access to any customer data,” Friedrich said. “This incident stemmed from a form on our website that was stored data in a caching system that deleted data every few days. What happened was that a subset of application data was affected. We are collaborating with the police, but unfortunately there is no more further information that I have to share. ”