California-based real estate management and investment firm Income Property Investments had more than 170,000 records accidentally leaked as a result of a misconfigured database, Cybernews reports.
Included in the over 116 GB data trove were individuals' names, birthdates, Social Security numbers, physical and email addresses, employment documents, and internal files, according to an analysis by cybersecurity researcher Jeremiah Fowler published on Website Planet. "The database also showed property inspection reports, notices to vacate (evictions), employee terminations and demotion letters, petty cash statements, receipts, and expense reports (some of which contain the card type used to pay and its last four digits)," said Fowler, who also observed spreadsheets showing motel employees' personally identifiable information in plaintext, as well as certain medical details. Additional details regarding the ownership of the database remain uncertain but Income Property Investments was noted by Fowler to have restricted public access on the same day a responsible disclosure notice was provided.
Included in the over 116 GB data trove were individuals' names, birthdates, Social Security numbers, physical and email addresses, employment documents, and internal files, according to an analysis by cybersecurity researcher Jeremiah Fowler published on Website Planet. "The database also showed property inspection reports, notices to vacate (evictions), employee terminations and demotion letters, petty cash statements, receipts, and expense reports (some of which contain the card type used to pay and its last four digits)," said Fowler, who also observed spreadsheets showing motel employees' personally identifiable information in plaintext, as well as certain medical details. Additional details regarding the ownership of the database remain uncertain but Income Property Investments was noted by Fowler to have restricted public access on the same day a responsible disclosure notice was provided.
