MBIA, the country’s largest bond insurer, says that data related to an undisclosed number of its customers may have been “illegally accessed.”

In a Tuesday statement, MBIA revealed that clients of its asset management subsidiary, Cutwater Asset Management, were impacted, Brian Krebs reported. The security journalist said that the incident was the result of a misconfiguration in a company web server.

An independent security expert Bryan Seely initially discovered that the sensitive data was exposed on the open web, and not just available to authorized users on a private network.

Customer account numbers, balances and other data were said to be exposed, Krebs revealed. After being notified of the breach, MBIA disabled the affected site, mbiaweb.com, which contained data on Cutwater customers, he explained. MBIA has begun notifying those affected.