Cybersecurity researcher Jeremiah Fowler discovered an unprotected 378 GB database belonging to **Navy Federal Credit Union (NFCU)**, exposed publicly without encryption or password protection. The breach revealed sensitive internal files, including operational metadata, hashed passwords, system logs, plain-text usernames/emails, and Tableau workbooks containing database connection details, financial formulas, and loan portfolio metrics. While **no direct customer data (e.g., account numbers, SSNs) was exposed in plain text**, the leaked internal details—such as employee credentials, system architectures, and business intelligence—create severe risks. Attackers could exploit this information for **phishing, credential stuffing, or supply-chain attacks**, potentially escalating access to member data or financial systems. The incident underscores systemic vulnerabilities in third-party handling of sensitive data, though NFCU secured the database after discovery. The exposure, while not immediately catastrophic, provides cybercriminals with a **roadmap for deeper intrusions**, threatening long-term operational and member security.
TPRM report: https://www.rankiteo.com/company/navy-federal-credit-union
{
  "id": "nav0465604090625",
  "linkid": "navy-federal-credit-union",
  "type": "Breach",
  "date": "9/2025",
  "severity": "60",
  "impact": "3",
  "explanation": "Attack with significant impact with internal employee data leaks"
}
{'affected_entities': [{'industry': 'banking/credit union',
                        'location': 'United States',
                        'name': 'Navy Federal Credit Union (NFCU)',
                        'type': 'financial institution'}],
 'attack_vector': ['unsecured database',
                   'lack of encryption',
                   'lack of authentication'],
 'customer_advisories': ['Consumers advised to use identity protection tools '
                         '(e.g., Bitdefender Digital Identity Protection) and '
                         'monitor for phishing or credential stuffing '
                         'attempts.'],
 'data_breach': {'data_encryption': ['no (database was unencrypted)'],
                 'file_types_exposed': ['.gz', '.sql', '.twbx'],
                 'personally_identifiable_information': ['internal usernames',
                                                         'emails'],
                 'sensitivity_of_data': ['high (internal operational and '
                                         'financial details)'],
                 'type_of_data_compromised': ['operational metadata',
                                              'hashed passwords',
                                              'internal usernames',
                                              'emails',
                                              'business intelligence workbooks',
                                              'system logs',
                                              'database connection details',
                                              'financial performance formulas',
                                              'loan portfolio metrics']},
 'description': 'Cybersecurity researcher Jeremiah Fowler discovered an '
                'unprotected 378 GB database containing sensitive internal '
                'files linked to Navy Federal Credit Union (NFCU). The '
                'database was publicly accessible without encryption or '
                'password protection, exposing operational metadata, hashed '
                'passwords, internal usernames, emails, and business '
                'intelligence workbooks. While no customer data was visible in '
                'plain text, the exposed internal details could facilitate '
                'phishing, credential stuffing, or further intrusions by '
                'cybercriminals.',
 'impact': {'brand_reputation_impact': ['potential erosion of trust due to '
                                        'exposure of sensitive internal data'],
            'data_compromised': ['operational metadata',
                                 'hashed passwords',
                                 'storage locations',
                                 'system logs',
                                 'internal usernames',
                                 'emails (plain text)',
                                 'Tableau business intelligence workbooks '
                                 '(database connection details, financial '
                                 'performance formulas, loan portfolio '
                                 'metrics)'],
            'identity_theft_risk': ['increased risk due to exposed internal '
                                    'usernames, emails, and operational '
                                    'details'],
            'operational_impact': ['potential for targeted phishing',
                                   'credential stuffing',
                                   'social engineering attacks',
                                   'future exploitation via operational '
                                   'blueprints']},
 'investigation_status': 'Resolved (database secured post-discovery)',
 'lessons_learned': 'The incident underscores the critical importance of '
                    'securing databases with encryption and authentication, '
                    'even for internal or operational data. Exposure of '
                    'non-customer data (e.g., internal usernames, system logs, '
                    'business intelligence) can still enable targeted attacks '
                    'like phishing or credential stuffing, posing significant '
                    'downstream risks to both the organization and its '
                    'members.',
 'post_incident_analysis': {'root_causes': ['unprotected database lacking '
                                            'encryption and authentication',
                                            'potential third-party mishandling '
                                            'of sensitive data']},
 'recommendations': ['Implement robust encryption and access controls for all '
                     'databases, including those containing operational or '
                     'internal data.',
                     'Regularly audit third-party vendors and contractors for '
                     'security vulnerabilities to mitigate supply chain risks.',
                     'Monitor for exposed credentials or internal details on '
                     'the Dark Web to preemptively address potential threats.',
                     'Educate employees and members on recognizing phishing '
                     'and social engineering attempts, especially following '
                     'data exposures.',
                     'Adopt tools like Bitdefender Digital Identity Protection '
                     'to proactively detect and respond to identity-related '
                     'risks.'],
 'references': [{'source': 'Jeremiah Fowler (Cybersecurity Researcher)'}],
 'response': {'containment_measures': ['database secured post-discovery']},
 'title': 'Unprotected Database Exposure at Navy Federal Credit Union (NFCU)',
 'type': ['data exposure', 'misconfiguration'],
 'vulnerability_exploited': ['misconfigured database', 'unprotected storage']}