A cybersecurity researcher has discovered an unprotected database containing sensitive personal data of nearly 246,000 people, possibly linked to a Texas-based company called Rockerbox.
The database, found by Jeremiah Fowler and reported to vpnMentor, was left online without a password or encryption. It contained over 245,000 records totaling 286.9 GB in size. Some of the files included names, addresses, email IDs, birth dates, and Social Security numbers, all in plain text.
More documents found in the database included driver’s licenses, ID cards, military discharge forms (DD214), and tax credit documents showing job and salary details. Some PDF files were password protected, but their file names included personal information and numbers that might help guess the passwords.
Rockerbox helps companies claim tax credits like WOTC and ERTC and works with clients across many industries in the U.S. After receiving a responsible disclosure notice, the exposed database was taken offline, but the company has not responded publicly.
It’s still unknown how long the data was accessible or if anyone else accessed it. Experts warn that poor cloud storage settings like this can easily lead to major data breaches.
If this article helped you, please consider supporting our work. Every small contribution keeps Abijita.com independent and running.
