ServiceBridge

History

2024: Data breach of 2.7 TB of American patients

In early September 2024, it became known that almost 2.7 TB of confidential data of Americans were in the public domain for an unknown time. Having received a security notice, the owner of the database removed it from public access, but before that any hacker could use this data for targeted phishing and fraud.

In total, 31.5 million documents were posted to the non-password-free online database: invoices, contracts, patient consent forms and other business documents related to numerous companies from different industries. The documents were stored in PDF and HTML formats and were organized by year and month. Among other things, contact details, partial credit card numbers, patient names under contracts for the supply of medical equipment and audit reports on objects with photographs of internal and external premises were posted online. All of this poses a huge risk to affected individuals who are unaware of privacy breaches of this magnitude.

Freepik

It turned out that this database belonged to ServiceBridge - a supplier ON that can be used by companies to process customer orders, bill, accept payments and many other applications. The files posted concerned ServiceBridge customers, among whom were private homeowners, schools and religious institutions, well-known chain restaurants, casinos, health Vegas care providers and many others. Basically, the documents concerned clients from, USA but in the database there were also documents from Canada Great Britain and many other European countries.

The researcher who discovered the problematic database reminds that all suspicious information should be rechecked, and organizations need to better protect their customers and send them timely notifications of violations.^[1]

Notes