A significant database misconfiguration has exposed millions of sensitive records belonging to customers of ServiceBridge. This incident underscores the critical risks associated with data exposure and the imperative for businesses to bolster their cybersecurity measures.
Cybersecurity expert Jeremiah Fowler has identified a major misconfiguration of a cloud server affecting ServiceBridge, a well-known field service management platform based in Chicago, Illinois. The breach involved a database containing more than 31 million records, accumulating to 2.68 terabytes of sensitive data that were publicly accessible online without password protection or security measures.
The exposed data includes personal information such as names, addresses, email addresses, phone numbers, and partial credit card details. Moreover, sensitive HIPAA patient consent forms and medical equipment agreements were also found, revealing private health information. This exposure poses severe implications for affected individuals and raises alarming questions about the security practices at ServiceBridge.
Documents date back to 2012 and span a diverse array of organizations, such as private homeowners, educational institutions, religious bodies, chain restaurants, casinos in Los Angeles, and healthcare providers. A staggering total of about 31,524,107 files were available in formats like PDF and .htm, encompassing contracts, work orders, invoices, proposals, inspection reports, and completion agreements.
“In the limited sampling of documents that I reviewed, most appeared to originate within the United States, although I encountered data from Canada, the UK, and various European nations,” Fowler noted in a report shared with Hackread.com. Following Fowler’s discovery, ServiceBridge restricted database access, but the duration of the exposure and potential unauthorized access remains uncertain. Furthermore, it is not clear if the server was directly managed by ServiceBridge or a third party, although some documents carried a GPS Insight logo, indicating a possible affiliation.
The implications of this security breach extend beyond mere data loss; the situation raises serious concerns regarding financial fraud through invoice manipulation, which can adversely affect both business-to-consumer (B2C) and business-to-business (B2B) interactions. A 2022 report highlighted that the average annual loss for U.S. businesses due to invoice fraud reached $300,000, with over half of large enterprises reporting experiences with such scams in 2023. Additionally, the exposed personal information could facilitate identity theft, resulting in significant financial repercussions and harm to reputation.
Fowler’s assessment uncovered “site audit reports” that included images of both internal and external premises of various businesses. Some documents divulged potentially compromising information related to physical security, such as gate codes and access credentials.
This incident underscores the necessity of implementing stringent data security practices, including robust encryption, strict access controls, and frequent security audits. As a custodian of sensitive information, ServiceBridge has an obligation to ensure the safeguarding of its customers’ data against such vulnerabilities.
RELATED TOPICS
- Data Leak Exposes Business Leaders and Celebrity Data
- Unsecured Database Exposed 39 Million Sensitive Legal Records
- Millions of US Voter Data Exposed in 13 Misconfigured Databases
- Mexico’s Largest ERP Provider ClickBalance Exposes 769M Records
- Database Mess: Aussie Food Giant Patties Foods Leak Trove of Data
