affected customers banking with hundreds of financial institutions US-based financial services firm Fiserv h as just fixed Vulnerability-related.PatchVulnerabilitya flaw in its web platform that exposed the personal and financial details of a vast number of banking customers . With more than 12,000 clients across the world using the company 's services , it is hard to establish how many customers ' details w ere exposed Attack.Databreachin the 'information disclosure vulnerability ' f ound Vulnerability-related.DiscoverVulnerabilityby security researcher Kristian Erik Hermansen . When logging into his local bank , which uses Fiserv 's platform , Hermansen learned email alerts for financial transactions were assigned an 'event number ' , which he successfully predicted were distributed in sequence , according to KrebsOnSecurity . Using this knowledge , the researcher was able to directly view alerts set up by another customer by rewriting the site 's code in his browser and sending a request for an altered event number . He was able to view the customer 's email address , phone number and bank account number - as well as view and edit alerts they had previously set up . `` I should n't be able to see this data , '' he said . `` Anytime you spend money that should be a private transaction between you and your bank , not available for everyone else to see . '' He added a criminal could have exploited the flaw to s teal Attack.Databreachinformation from customers . Together with KrebsOnSeceurity author Brian Krebs , Hermansen worked to v erify Vulnerability-related.DiscoverVulnerabilitywhether or not the flaw was exclusive to his own bank 's installation of the platform . They soon d iscovered Vulnerability-related.DiscoverVulnerabilityhundreds of other Fiserv-affiliated banks may h ave been just as vulnerable Vulnerability-related.DiscoverVulnerabilityas those they had tested . IT Pro approached Fiserv for comment , and to establish how many institutions in the UK may have been affected , if any , but the company did not respond at the time of writing . A spokesperson told Krebs that Fiserv had responded accordingly , and c orrected Vulnerability-related.PatchVulnerabilitythe issue . `` After receiving your email , we promptly engaged appropriate resources and worked around the clock to research and remediate the situation , '' the spokesperson said . `` We d eveloped Vulnerability-related.PatchVulnerabilitya security patch within 24 hours of receiving notification and d eployed Vulnerability-related.PatchVulnerabilitythe patch to clients that utilise a hosted version of the solution . We w ill be deploying Vulnerability-related.PatchVulnerabilitythe patch this evening to clients that utilise an in-house version of the solution . '' While information disclosure vulnerabilities are among the most common types of website security issues , according to Krebs , they are also the most preventable and easy to f ix.Vulnerability-related.PatchVulnerabilityBut they can also cause just as much damage to a company 's brand as more severe security risks .