News

Massive Data Leak Exposes Sensitive Information of Businesses

Massive Data Leak Exposes Sensitive Information of Businesses
Images are for illustrative purposes only and may not accurately represent reality

A recent discovery by security researcher Jeremiah Fowler has revealed that a significant database from ServiceBridge, a field service management platform, was left unprotected and openly accessible online. The database contained a staggering 31,524,107 files dating back to 2012, affecting businesses primarily in the US, UK, and Canada.

The exposed documents included critical and confidential data such as contracts, invoices, inspections, partial credit card numbers, and HIPAA consent forms. Moreover, personally identifiable information like full names, addresses, and phone numbers were also found within the database. In some cases, 'site audit reports' were found to have images of properties and businesses, including access codes and other sensitive security details, putting the physical safety of individuals and business establishments at risk.

Businesses at Risk of Invoice Fraud

Among the most concerning implications of this leak is the increased vulnerability of affected companies to invoice fraud and spear-phishing attacks. The detailed information readily available in the leak can serve as a perfect template for criminals to exploit in their fraudulent activities. With a reported 31% of UK businesses falling victim to invoice fraud in the past year, the danger is more real and present than ever.

This incident highlights the critical necessity for companies to conduct effective security audits and implement robust access controls. The responsibility to protect sensitive data lies heavily on the shoulders of organizations storing such information. While the database has disappeared following a disclosure notice to ServiceBridge, the duration of exposure and access by unauthorized parties remains unclear.

Businesses must step up their game in data security, deploying the best encryption software and practices to prevent such breaches. Protecting sensitive client data isn't just good practice—it's a crucial aspect of business integrity and security in the digital age.

Read next