PLS Financial is notifying customers that a programming error by an unnamed web site operator exposed their personal information to other site users.
The programming error, which occurred on July 11, allowed loan applicants to potentially view a restricted part of the site containing names, postal and e-mail addresses, and Social Security numbers. During the two-week period between the error and its discovery and correction, 34 site visitors could have accessed the restricted part of the site.
Based on an investigation by computer security firm hired to investigate the incident, PLS Financial wrote that they could not conclusively rule out the possibility that the restricted part of the site was accessed. As a result, the firm offered those affected a complimentary membership in the Experian ProtectMyID Alert program.
A copy of the letter signed by G. Clinton Heyworth, Information Security Officer for the firm, was uploaded to the California Attorney General’s site.
Update: This breach was also reported to Maryland.