Millions of data files exposed in massive security breach — see if your business is affected

The documents include partial credit card numbers, invoices, and HIPAA consent forms

Security researcher Jeremiah Fowler has uncovered a massive database belonging to field service management platform ServiceBridge that was left freely available online.

In total, the database numbered 31,524,107 files, dating back to 2012 and primarily belonging to companies from the US, UK, and Canada, Fowler shared in a report with Cybernews.

The documents, which were not password protected and did not require security authorization, included sensitive and confidential information such as contracts, invoices, inspections, partial credit card numbers, and HIPAA consent forms - as well as personally identifiable information such as full names, addresses, and phone numbers.

Invoice fraud

Some files, labelled ‘site audit reports’, contained images of the interior and exterior of properties and businesses, as well as gate access codes and other access material. This poses a serious physical security risk for those exposed, some of whom were private homeowners, as well as large chain restaurants, casinos, and medical providers to name a few.

The companies affected by this leak are particularly vulnerable to spear phishing attacks and invoice fraud, due to the specific details available. This type of fraud is on the rise as it is, with 31% of UK businesses falling victim to invoice fraud over the last year. Fowler outlined the dangers in his report:

“The potential risks of invoice fraud are a double-edged sword that affects both business-to-customer (B2C) and business-to-business (B2B) transactions,” he said. “Exposed invoices and internal business documents can potentially serve as a template for criminals to target victims using internal information that only the business and the customer would know.”

The database has since disappeared after a disclosure notice was sent to ServiceBridge, and it’s not clear how long the information was available, or who accessed it.

However, the incident demonstrates the need for effective security audits and access controls. All companies that store and handle sensitive information have a responsibility to their clients to protect data - we’ve featured the best encryption software to keep your information secure.

Ellen has been writing for almost four years, with a focus on post-COVID policy whilst studying for BA Politics and International Relations at the University of Cardiff, followed by an MA in Political Communication. Before joining TechRadar Pro as a Junior Writer, she worked for Future Publishing’s MVC content team, working with merchants and retailers to upload content.
