Nearly 180k records exposed in billing platform breach - here’s what we know

News
By published

Banking information is amongst compromised details

Person working with documents on desk, accountant checking company budget accounting documents, auditing financial statements, preparing company balance sheet financial statements. Audit concept.
(Image credit: Shutterstock / Pickadook)
  • A researcher has found almost 200k personal records exposed
  • It looks to belong to a billing platform, Invoicely
  • This leaves anyone impacted at risk of fraud or identity theft

A publicly exposed database left without encryption or a password and containing 178,519 files has been discovered by cybersecurity researcher Jeremiah Fowler. In the sampling of the exposed files, he reported seeing personally identifiable information (PII) like names, addresses, numbers, tax ID, and more.

By analyzing the records, the researcher theorized the databases belong to small business billing platform, Invoicely - although it’s not certain if the database is owned/managed directly by the company, or if it is run by a third party.

A serious concern when PII is involved is the threat of identity theft, since criminals will attempt to use your details to take out loans or credit cards. The added danger with financial details or invoices is that threat actors may replicate or impersonate customers or business partners using fake invoices or financial dealings.

Official IdentityForce® | Identity Theft Protection - save up to 68% annually

Official IdentityForce® | Identity Theft Protection - save up to 68% annually

Many people don’t know how to protect their ID. Don’t be one of them. Get your ID Action Plan here. Get a personalized step-by-step Action Plan & ID Safety Score based on YOUR dark web hits.

View Deal

Elevated risks

The inclusion of financial information like tax documents represents an opportunity for threat actors to create multiple different attacks, including fraud, social engineering, or spear-phishing attacks - or even lead the criminals to higher value targets through their business dealings.

The researcher also outlines the risk of fraudulent tax filings, with approximately 6,000 tax returns filed using stolen identities in 2025 - creating complicated situations for taxpayers who are then left picking up the pieces.

“My advice to organizations that develop and provide invoice and accounting platforms, applications, or services is to limit the collection and retention of personal data when possible,” said Fowler.

“Encrypt sensitive information so that it is not human readable; that way, if there is a data exposure, encryption adds an additional layer of security. While not impossible to decrypt, properly encrypted files remain extremely difficult to access without the correct credentials.”

Follow TechRadar on Google News and add us as a preferred source to get our expert news, reviews, and opinion in your feeds. Make sure to click the Follow button!

And of course you can also follow TechRadar on TikTok for news, reviews, unboxings in video form, and get regular updates from us on WhatsApp too.

You might also like

Ellen Jennings-Trace
Ellen Jennings-Trace
Staff Writer

Ellen has been writing for almost four years, with a focus on post-COVID policy whilst studying for BA Politics and International Relations at the University of Cardiff, followed by an MA in Political Communication. Before joining TechRadar Pro as a Junior Writer, she worked for Future Publishing’s MVC content team, working with merchants and retailers to upload content.

You must confirm your public display name before commenting

Please logout and then login again, you will then be prompted to enter your display name.