Rockerbox

A tax credit consulting agency inadvertently exposed sensitive data on thousands of its customers by allegedly keeping a database filled with personally identifiable information (PII) open on the public internet. The database contained ID card numbers and other vital information such as names, physical addresses, email addresses, dates of birth, and Social Security numbers in plain text. There were also driver’s licenses, identification cards, SSN cards, work opportunity tax credit documents, and determination letters with acceptances or denials of eligibility. The database was discovered by a cybersecurity researcher and was subsequently locked down, but it is unknown if any threat actors obtained the data.

Source: https://www.techradar.com/pro/security/nearly-250-000-records-leaked-in-major-tax-consultancy-breach-heres-what-we-know

TPRM report: https://scoringcyber.rankiteo.com/company/rockerbox-tax-credits

"id": "roc540070925",
"linkid": "rockerbox-tax-credits",
"type": "Breach",
"date": "7/2025",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"
{'affected_entities': [{'industry': 'Financial Services',
                        'location': 'Texas, USA',
                        'name': 'Rockerbox',
                        'type': 'Tax Credit Consulting Agency'}],
 'attack_vector': 'Unsecured Database',
 'data_breach': {'file_types_exposed': ['Plain text', 'PDF'],
                 'number_of_records_exposed': 245949,
                 'personally_identifiable_information': ['Names',
                                                         'Physical addresses',
                                                         'Email addresses',
                                                         'DOB',
                                                         'SSN',
                                                         'Driver’s licenses',
                                                         'Identification cards',
                                                         'SSN cards',
                                                         'Work opportunity tax '
                                                         'credit documents',
                                                         'Determination '
                                                         'letters',
                                                         'DD214 forms'],
                 'sensitivity_of_data': 'High',
                 'type_of_data_compromised': ['PII', 'Sensitive documents']},
 'description': 'Rockerbox, a tax credit consulting agency, inadvertently '
                'exposed sensitive data on thousands of its customers by '
                'keeping a database filled with personally identifiable '
                'information (PII) open on the public internet.',
 'impact': {'data_compromised': ['ID card numbers',
                                 'Names',
                                 'Physical addresses',
                                 'Email addresses',
                                 'DOB',
                                 'SSN',
                                 'Driver’s licenses',
                                 'Identification cards',
                                 'SSN cards',
                                 'Work opportunity tax credit documents',
                                 'Determination letters',
                                 'DD214 forms',
                                 'Password-protected PDF files']},
 'references': [{'source': 'vpnMentor'}],
 'response': {'containment_measures': 'Database locked down'},
 'title': 'Rockerbox Data Leak',
 'type': 'Data Leak',
 'vulnerability_exploited': 'Unencrypted and non-password-protected database'}