A significant data breach has exposed the sensitive personal information of nearly a quarter of a million individuals, following the discovery of an unencrypted, publicly accessible database containing 245,949 records.
Cybersecurity researcher Jeremiah Fowler, in collaboration with vpnMentor, uncovered the exposed trove that included Social Security numbers (SSNs), driver’s licenses, U.S. military discharge forms (DD214), and a wide array of personally identifiable information (PII).
The breached database, totaling 286.9 GB, was not password-protected or encrypted, raising serious concerns about cloud security misconfigurations.
Database Exposed Sensitive Tax
The records appear to be linked to Rockerbox, a Dallas-based tax credit consulting agency that assists businesses nationwide in leveraging employer-focused tax incentives such as the Work Opportunity Tax Credit (WOTC), Employee Retention Tax Credit (ERTC), and other programs.
According to internal file references, the data included not only sensitive identity documents but also employer and salary information, WOTC determination letters, and a large volume of password-protected PDFs marked as “forms.”
The filenames of these documents included PII, such as both employer and applicant names, alongside numeric codes that may have been used as file identifiers or, theoretically, as document passwords.
Among the exposed items were DD214 forms, used to document military service separations, which if compromised, could be exploited for identity theft or other financial crime.
A limited review of the exposed database revealed names, addresses, email addresses, dates of birth, and SSNs in plain text.
While parts of the database were protected or inaccessible, a substantial number of files remained openly available to anyone with a web browser, highlighting inconsistent security practices.
Cloud Misconfiguration
Fowler promptly notified Rockerbox upon discovery of the misconfiguration, after which the database was swiftly secured and removed from public access.
However, there was no public response from the company regarding the breach. It remains unclear whether the database was managed directly by Rockerbox or by a third-party contractor, and the duration of public exposure has not been established.
Only a comprehensive internal forensic audit could determine the full extent of any unauthorized access.
The exposure underscores the persistent risks organizations face when using cloud storage without proper access controls, configuration, and encryption.
Cybersecurity experts advise that sensitive files should always be protected by robust encryption, and organizations must avoid embedding PII or potential passwords in file names or URLs due to risks from web logs, copy-pasted links, or browser history exposure.
While there is no evidence that the exposed data was actively misused, such information when exposed can be a lucrative target for cybercriminals.
The Federal Trade Commission (FTC) reported over 1.1 million identity theft claims and $12.7 billion in fraud losses in 2024 alone, highlighting the potential consequences for affected individuals and organizations.
Proactive monitoring of financial accounts, credit freezes, and the use of identity theft protection services are recommended for anyone suspecting their data may have been compromised.
Rockerbox, operating as Screen Technologies LLC, is not affiliated with Rockerbox.com, a marketing analytics provider recently acquired by DoubleVerify.
No wrongdoing or confirmed harm is attributed to Rockerbox, and analysis of the breach remains a cautionary illustration of the necessity of rigorous data protection in the enterprise cloud era.
The findings are intended solely to promote cybersecurity best practices and greater awareness of the need to safeguard sensitive information against evolving threats.
Find this Story Interesting! Follow us on Google News, LinkedIn, and X to Get More Instant updates
