Your full name, address, and partial credit card numbers may have been exposed in a data breach involving field service management business ServiceBridge. Security researcher Jeremiah Fowler’s report uncovers that nearly 32 million non-password-protected files, such as contracts, invoices, agreements, and more, were exposed.
The information was publicly accessible, with no security authorization needed, for an undisclosed amount of time, and there is no official confirmation of who may have accessed it. The files date back to 2012 and are linked to companies from Canada, numerous European countries, the U.S., and the U.K.
The exposed files also included inspections, phone numbers, and Health Insurance Portability and Accountability Act (HIPAA) consent forms, and more.
The files named “site audit reports” contained pictures of businesses’ exterior and interior, gate access codes, and other access data. This breach affects various companies since, as Fowler mentions in his report: “The ServiceBridge platform was built to serve multiple industries such as commercial or industrial services, pest and animal control, cleaning, landscaping, construction, and other services. The documents I saw listed a wide range of customers: from private homeowners, schools, and religious institutions to well-known chain restaurants, Las Vegas casinos, medical providers, and many others.”
The exposed files put many customers at risk of fraud and other criminal activity, such as spear phishing, as the leak included internal information that only the customer and business would know.
Fowler advises businesses and customers to protect themselves by instructing them to “always keep accurate records of vendors, contractors, and customers to verify that payment requests are legitimate. Paying invoices on time is important for any business, and criminals exploit the need for fast payments.
If something feels suspicious about an invoice, I recommend withholding the payment until the information is verified. Customers should also be vigilant when they are contacted by businesses they have used in the past asking for additional information or unexpected payment requests.”
With data breaches on the rise, it’s always a good idea to have one of the best identity theft protection services.