Get all your news in one place.
100’s of premium titles.
One app.
Start reading
TechRadar
TechRadar
Ellen Jennings-Trace

Millions of data files exposed in massive security breach — see if your business is affected

Padlock against circuit board/cybersecurity background.

Security researcher Jeremiah Fowler has uncovered a massive database belonging to field service management platform ServiceBridge was left freely available online.

In total, the database numbered 31,524,107 files, dated back to 2012 and primarily belonging to companies from the US, UK, and Canada, Fowler shared in a report with Cybernews.

The documents, which were not password protected, and did not require security authorization, included sensitive and confidential information such as contracts, invoices, inspections, partial credit card numbers, and HIPAA consent forms - as well as personally identifiable information such as full names, addresses, and phone numbers.

Invoice fraud

Some files, labelled ‘site audit reports’, contained images of the interior and exterior of properties and businesses, as well as gate access codes and other access material. This poses a serious physical security risk for those exposed, some of whom were private homeowners, as well as large chain restaurants, casinos, and medical providers to name a few.

The companies affected by this leak are particularly vulnerable to spear phishing attacks and invoice fraud, due to the specific details available. This type of fraud is on the rise as it is, with 31% of UK businesses falling victim to invoice fraud over the last year. Fowler outlined the dangers in his report,

“The potential risks of invoice fraud are a double-edged sword that affects both business-to-customer (B2C) and business-to-business (B2B) transactions” He said. “Exposed invoices and internal business documents can potentially serve as a template for criminals to target victims using internal information that only the business and the customer would know.

The database has since disappeared after a disclosure notice was sent to ServiceBridge, and it’s not clear how long the information was available, or who accessed it.

However the incident demonstrates the need for effective security audits and access controls. All companies who store and handle sensitive information have a responsibility to their clients to protect data - we’ve featured the best encryption software to keep your information secure.

More from TechRadar Pro

Sign up to read this article
Read news from 100’s of titles, curated specifically for you.
Already a member? Sign in here
Related Stories
Top stories on inkl right now
One subscription that gives you access to news from hundreds of sites
Already a member? Sign in here
Our Picks
Fourteen days free
Download the app
One app. One membership.
100+ trusted global sources.