Ally Financial recently notified customers of a personal information exposure resulting from a system configuration error in their Android mobile application. The issue, identified on July 17, 2024, allowed a check deposited by one customer to be viewed by an incorrect customer. This unintentional exposure included the front and back images of the check, revealing names, bank account numbers, and potentially the address, if it was listed on the payee line. Ally has since taken immediate steps to address and fix the coding defects that caused the problem.
The company emphasized that the exposed information was limited to the check’s images and associated personal details, such as account names and bank numbers. While no other personal data was disclosed, Ally is offering customers the option to request a new bank account number for additional protection. In addition, the company reassured customers that they are continuing to monitor all Ally accounts for any signs of fraudulent transactions or suspicious activity that may result from this incident.
In response to the exposure, Ally launched a thorough investigation to understand the root cause of the issue and has already corrected the system error to prevent a recurrence. The company has also emphasized its commitment to improving its security practices to safeguard customer data. Ensuring the confidentiality of personal information remains a top priority for Ally, and the measures taken are aimed at rebuilding customer confidence.
To further support impacted individuals, Ally is providing three years of complimentary identity theft protection services through Sontiq, a TransUnion company. Customers are encouraged to activate the service within 60 days, which will offer fraud resolution assistance and credit monitoring services to help mitigate any potential risks. Ally is determined to provide the necessary tools and resources to help customers protect their information in the wake of this incident.
Reference:
