PII, ID Numbers, and SSNs Exposed in Tax Credit Firm Data Breach – Report

A significant data exposure incident has come to light following its discovery by cybersecurity researcher Jeremiah Fowler, in collaboration with vpnMentor. The misconfigured database, reportedly linked to a Texas-based tax credit consultancy firm known as Rockerbox, was left unencrypted and accessible without a password, exposing an alarming 245,949 records totaling 286.9 GB of highly sensitive information.

Sensitive Information Left Unprotected 

The publicly accessible database contained an extensive array of Personally Identifiable Information (PII), including full names, Social Security numbers (SSNs), dates of birth, physical addresses, and email addresses. More alarmingly, the breach also revealed scans of driver’s licenses, SSN cards, and DD214 military discharge forms. These documents, issued by the U.S. Department of Defense, confirm a veteran’s active duty service. 

Some of the exposed files included tax-related documents such as Work Opportunity Tax Credit (WOTC) forms, salary details, and acceptance or denial letters for tax incentives. The volume and type of data found highlight the serious nature of this breach and the risks it poses to both individuals and businesses. 

Password-Protected Files Still at Risk? 

The database also contained a number of password-protected PDFs labeled as “forms,” but the file names themselves included sensitive identifiers like applicant names, employer names, numeric codes, and document numbers. Password-protecting the contents while leaving identifiers in the file names may seem secure, but it introduces potential risks: if file paths or names are exposed, they can be traced through browser histories, web logs, or accidentally shared URLs.

Fowler clarified that he did not attempt to bypass any password protections or access secured documents. However, he emphasized the importance of secure naming conventions and file path hygiene as part of broader cybersecurity best practices. 
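The following is an added example, not code from the vpnMentor report or from this article. It shows one way to apply the file-naming point above: check a file name against the record it belongs to, and issue an opaque storage key instead. The record fields, sample values, and function names are constructed for illustration.

```python
import re
import secrets

# Identifier shapes that should never appear in a file name or URL path.
PATTERNS = {
    "ssn_pattern": re.compile(r"(?<!\d)\d{3}[-_ ]?\d{2}[-_ ]?\d{4}(?!\d)"),
    "email_pattern": re.compile(r"[\w.+-]+@[\w-]+\.[\w.-]+"),
}

def _flat(text):
    """Lowercase and drop separators so 'Jane-Doe' and 'jane_doe' compare equal."""
    return re.sub(r"[^a-z0-9]", "", text.lower())

def leaked_fields(filename, record):
    """Return sorted labels of record fields or PII patterns visible in filename."""
    flat_name = _flat(filename)
    hits = {field for field, value in record.items()
            if len(_flat(value)) >= 3 and _flat(value) in flat_name}
    hits |= {label for label, rx in PATTERNS.items() if rx.search(filename)}
    return sorted(hits)

def opaque_key(index, record, ext=".pdf"):
    """Issue a random storage key; the key-to-record mapping stays in `index`,
    which stands in for an access-controlled database table (assumption)."""
    key = secrets.token_urlsafe(16) + ext
    index[key] = record
    return key

# Constructed sample data, not taken from the exposed database.
SAMPLE_RECORD = {"applicant": "Jane Doe", "employer": "Acme Staffing",
                 "ssn": "123-45-6789"}
SAMPLE_NAME = "WOTC_form_Jane-Doe_AcmeStaffing_123-45-6789.pdf"

if __name__ == "__main__":
    index = {}
    print("identifiers in original name:", leaked_fields(SAMPLE_NAME, SAMPLE_RECORD))
    new_key = opaque_key(index, SAMPLE_RECORD)
    print("opaque key:", new_key, "->", leaked_fields(new_key, SAMPLE_RECORD))
```

With opaque keys, anything that records the path (web logs, browser history, a shared URL) carries only a random token, and the identifying fields are readable only by someone with access to the index.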

Who Owns the Data? 

While the source of the database has not been officially confirmed, internal file references and metadata suggest the records belong to Rockerbox, a Dallas-based firm specializing in identifying and managing tax credit incentives. Rockerbox’s services include the WOTC, Employee Retention Tax Credit (ERTC), R&D credits, and Empowerment Zone credits. Their clients span a wide range of industries, including hospitality, healthcare staffing, trucking, manufacturing, and more. 

Upon discovering the exposure, Fowler sent a responsible disclosure notice. Although no response was received, the database was secured a few days later, restricting public access. It remains unclear how long the database was exposed or if any malicious actors accessed it during that time. 

Real Risks and Hypothetical Scenarios 

The exposed data creates multiple potential threats, including identity theft, fraudulent tax filings, and targeted phishing schemes. With enough PII such as SSNs, birth dates, employment history, and driver’s license numbers, cybercriminals could impersonate individuals, apply for loans, or open fraudulent accounts. 

According to a 2024 report by Experian, over 1.1 million identity theft complaints were recorded by the Federal Trade Commission (FTC), with related fraud cases resulting in more than 12.7 billion dollars in losses. While there is no direct evidence that Rockerbox clients or their employees are victims of fraud, this incident illustrates the broader risks of unsecured data in cloud environments. 

What to Do If You’re Affected 

If you suspect your data may have been involved in a breach like this, it's wise to: 

Monitor your financial and credit accounts closely 

Watch for suspicious activity such as new account openings or unauthorized transactions 

Place a fraud alert or initiate a credit freeze with the major credit bureaus: Experian, Equifax, and TransUnion 

This incident serves as a cautionary reminder for all organizations handling sensitive information. Misconfigured databases, improper access controls, and insecure file naming practices can lead to serious consequences for both individuals and companies. 

This article is based on original research conducted by vpnMentor and cybersecurity analyst Jeremiah Fowler. Credit goes to their team for uncovering and reporting this exposure. 

 
