Finserv just fixed a technical flaw that exposed personal and financial details of customers; including emails, phone numbers, bank account numbers, and alert details across hundreds of bank websites just by editing a single digit in a the request url. 

Brian Krebs validated the findings and provides a detailed report.