Verivox, a well-known comparison portal based in Germany, has faced serious data security issues following the discovery of a significant vulnerability in its system. The issue specifically involved the area of credit intermediation, where sensitive personal details of users, such as names, addresses, income, number of children, and employment information, were easily accessible due to the flaw. The leak reportedly affected a large number of people, possibly millions, and raised concerns about the security of personal data on such platforms.
The vulnerability was first reported by CORRECTIV in August 2024. Verivox responded promptly to the findings and conducted an internal investigation. The company confirmed the issue and stated that it had immediately taken the affected application offline. The decision to temporarily suspend the service was made in order to prevent any further potential data breaches and to review the security of the platform. Verivox only put the application back online once it was confident that any risk of data compromise had been eliminated.
In addition to Verivox, Check24, another comparison portal, was also implicated in similar security concerns. While Check24 has not responded directly to CORRECTIV’s specific questions, an internal report dated July 30, 2024, revealed that the company had acknowledged the vulnerability. According to the report, Check24’s security team confirmed the issue and addressed it by closing the largest security gap on the same day, followed by further corrections in the days after. However, Check24 did not provide further details on the extent of the breach or its impact.
The revelations about these vulnerabilities in Verivox and Check24 have led to heightened concerns about the security of personal information on comparison portals. Both companies have faced scrutiny for failing to secure sensitive data, prompting calls for stronger data protection measures. These incidents underline the ongoing need for businesses handling personal data to implement robust security protocols to prevent similar breaches in the future.
Reference:
