A major data breach involving ServiceBridge, a field service management provider based in the USA, has been discovered and reported by cybersecurity researcher Jeremiah Fowler.
The breach, by Fowler to WebsitePlanet, revealed that nearly 32 million records were exposed in a non-password-protected database, posing serious security risks for the affected companies and individuals.
What Happened?
The exposed database, containing 31.5 million records, included sensitive information such as contracts, work orders, invoices, and other business-related documents from a wide range of industries. The breach also exposed Personally Identifiable Information (PII), including names, addresses, email addresses, phone numbers, and even HIPAA patient consent forms. These documents, stored in unprotected folders, dated back to 2012 and represented a significant security vulnerability.
Why It Matters
The exposure of such critical data presents a substantial risk for businesses and their customers. Criminals could leverage the detailed internal information to carry out sophisticated phishing attacks and fraudulent transactions. The breach highlights the importance of securing sensitive information and the potential dangers of leaving databases unprotected.
Aftermath and Security Implications
After the breach was discovered, the database was quickly secured following a responsible disclosure notice from Fowler. However, the duration of the exposure and whether any unauthorized parties accessed the data remain unknown. This incident underscores the critical need for robust data security measures to prevent similar breaches in the future.
For further details, you can read the full report on the breach here.
