"A database was found to be without password protection or encryption, exposing approximately 180,000 records (178,519 files) containing PII and payment data. This database was discovered by Jeremiah Fowler, a Cybersecurity Researcher and was initially reported to Website Planet . In an examination of the exposed files, Fowler identified invoices that contained personally identifiable information (PII). Sensitive data in these invoices included, but was not limited to: These invoices belonged to employees, customers, service providers and partners globally."
"Other sensitive documents exposed were airline tickets, ride share receipts, and health insurance payments, medical payments and more. These documents appear to belong to Invoicely by Stack Holdings GmbH, a SaaS portfolio organization based in Vienna. Though it is unknown if any malicious actor accessed this data, in the hypothetical event that one had done so, this information could be leveraged to conduct invoice fraud, financial fraud, or identity theft. Furthermore, the PII could be used to create targeted social engineering schemes."
An unsecured, unencrypted database exposed approximately 180,000 records (178,519 files) containing personally identifiable information and payment data. The database was discovered by Jeremiah Fowler, a cybersecurity researcher. Exposed invoices contained PII for employees, customers, service providers, and partners worldwide. Additional exposed documents included airline tickets, rideshare receipts, health insurance payments, and medical payments. The records appear to belong to Invoicely by Stack Holdings GmbH, a Vienna-based SaaS portfolio organization. It is unknown whether any malicious actors accessed the data. If accessed, the information could enable invoice fraud, financial fraud, identity theft, and targeted social engineering schemes.
Read at Securitymagazine
Unable to calculate read time
Collection
[
|
...
]