xSocialMedia breach: data about U.S veterans' combat injuries exposed

Florida advertising agency suffers a breach: data about veterans' combat injuries and other sensitive details leaked

Users including US veterans' medical information got leaked after a data breach in an ad agency.

Advertising agency based in Florida encountered a data breach that exposed databases with details about past advertising campaigns.^[1] Hundreds of thousands of users' details leaked including information about medical malpractice cases, sensitive information about U.S military veterans' combat injuries. The data breach on xSocialMedia databases was discovered by security researchers, who reported the medical data leak incident at the start of June.^[2]

The vulnerability, according to the team, was discovered in multiple databases operated by the advertiser. The security incident leads to nearly 150 000 users' personal records exposed. vpnMentor researchers Noam Roten and Ran Locar reported that breached data includes medical testimonies, personally identifiable information, contact data, and original numbers from their advertising campaigns for injury-check.com. Unfortunately, data that got leaked also contains especially personal medical details:

The xSocialMedia leak allows access to names, addresses, phone numbers, and medical history that were provided by their leads.

Advertising campaign data focusing on injuries and medical malpractice lawsuits exposed

Particular advertising agency' campaigns focus on lawsuits with injury-related class-actions since the purpose of the commercial content is to gather interest from possible parties who are redirected to sites where they can fill out a form to see if they can get any legal assistance.

The database with all the responses from users who filled those forms got exposed on the internet without any password, so people are capable of accessing and downloading the content.^[3] Details that are needed for form-filling are the ones that got breached during the incident:

• full names,
• email addresses,
• home addresses,
• phone numbers,
• details about particular cases.

Unfortunately, the most sensitive data is combat injury details revealed by the U.S veterans. All the detailed medical information, mental traumas, and personal information about the aftermath of the suffering got exposed alongside the full names of the victims. This data regarding legal cases is not the information many people want to encounter in the public. Also, data in those xSocialMedia business databases contained details about clients and campaigns specifically, even company' invoices.

Advertising company noted immediately after the discovery: database closed after nine days

June second was the day researchers from vpnMentor discovered the leak in xSocialMedia's database and notified the company about this breach. However, the company reacted only on June 11th, when the experts contacted them once again. The same day ad agency closed the affected database to avoid other possible damage that may follow.

All the information regarding the interactions and company's campaigns can be especially valuable for the competitors and can lead to a ruined reputation of the xSocialMedia, as experts noted:

Future law firms may be less inclined to work with a company that experienced such a widespread breach.

Additionally, any unauthorized party could access or download this data and use all those lawsuit details or personal information in additional scam campaigns.^[4] Medical practices and healthcare providers cannot release such personally identifiable data to the public without permission. Unfortunately, the healthcare industry suffers many security incidents when data about users get exposed to public or malicious hackers.^[5]