31.5M invoices, contracts, patient consent forms, and more exposed to the internet

August 26, 2024 at 09:07AM

Nearly 2.7 TB of sensitive data, including invoices, contracts, and HIPAA patient consent forms belonging to various businesses, was exposed by a database that was not password protected. The exposed files, traced by security researcher Jeremiah Fowler, belonged to ServiceBridge and contained personal information from numerous clients. The database has since been closed off.

The incident is a significant data breach involving the exposure of 2.7 TB of sensitive data, including 31.5 million invoices, contracts, HIPAA patient consent forms, and other business documents. This exposure poses a substantial risk of financial cybercrime and potential misuse of personal information. The exposed files are associated with ServiceBridge, a software-as-a-service provider used by various companies to manage work orders, invoices, and payments.

The exposed documents contain a wide range of personal and business information, including partial credit card numbers, contact details, and site audit reports. Upon notification, the database was eventually closed off to the public, although there was no response from ServiceBridge regarding the exposure.

The implications of the data breach include potential targeted phishing and fraud activities, as well as the risk of reputational damage and regulatory fines for affected businesses. Customers’ privacy has also been compromised, and the breach highlights the importance of vigilance and verification in online interactions. Additionally, it underscores the need for organizations to improve their client protection measures, including prompt communication with customers in the event of a breach.

The information security researcher, Jeremiah Fowler, has a track record of identifying and reporting unprotected online databases. This incident emphasizes the critical importance of robust data protection measures and proactive communication with affected parties in the event of a breach.
