Cornerstone Payment Systems, which processes payments for pro-life groups, churches, ministries and other organizations with a similar Christian bent, left a database unprotected, exposing 6.7 million records from 2013 until the present.
Information housed by the database included names, email addresses and physical addresses as well as card and merchant information, expiration dates and the last four digits of cards used in payment, according to a TechCrunch report. Transaction details, such as merchants, type of payment, times and dates are also stored on the database discovered by security researcher Anurag Sen.
Tustin, Calif.-based Cornerstone, which bills itself as “committed to separating ourselves from the industry through a commitment to Christ,” did not encrypt the database but seems to have used tokenization, the report said.
“As enterprise infrastructures have become increasingly complex, exposed or misconfigured cloud databases have emerged as the leading cause of data leaks,” said Balaji Parimi, CEO, CloudKnox Security. “These types of leaks have left thousands of gigabytes of sensitive data exposed in recent years, and it’s not because malicious actors are targeting that data: it’s because of simple but costly mistakes.”