5 Shocking Data Breaches Discovered By Jeremiah Fowler: The Latest Security Flaws Of 2025

The digital landscape is constantly under threat, and as of December 17, 2025, the critical work of independent cybersecurity researchers like Jeremiah Fowler remains essential in safeguarding personal information. His consistent uncovering of massive, unsecured databases—often due to simple cloud misconfigurations—serves as a stark and urgent reminder that data security is a continuous, never-ending battle. His latest findings highlight a worrying trend where companies, despite high-profile incidents, continue to leave sensitive customer and operational data exposed to the public internet, making him a critical figure in the ongoing fight for digital privacy. This article details the background of the prolific security researcher and dives deep into his most recent and impactful data breach discoveries from late 2024 and throughout 2025, providing a crucial look at the scale of modern data exposure.

Jeremiah Fowler: Biography and Profile

Jeremiah Fowler is a highly respected cybersecurity researcher, technologist, keynote speaker, and journalist who has spent over a decade dedicating his career to identifying and responsibly reporting data breaches and vulnerabilities. He is widely recognized for discovering thousands of data breaches, many of which involve massive record counts and highly sensitive Personally Identifiable Information (PII). His work often focuses on finding unsecured, non-password-protected databases left open on the public internet, a common and avoidable security flaw known as a cloud misconfiguration. Fowler is the Co-Founder of Security Discovery, a cybersecurity consultancy, and has contributed his expertise to major security and technology outlets, including vpnMentor, Cybernews, and ExpressVPN. His primary mission is to act as a "white hat" researcher, promptly notifying the affected organizations to secure the exposed data before malicious actors can exploit the vulnerability.

Key Professional Roles and Affiliations

• Cybersecurity Researcher and Technologist
• Co-Founder of Security Discovery
• Journalist and Privacy Advocate
• Keynote Speaker
• Contributor to vpnMentor, Cybernews, and ExpressVPN

The Most Alarming Data Breach Discoveries of 2025

Jeremiah Fowler's methodology often involves scanning the internet for misconfigured database instances, such as Elasticsearch, MongoDB, or Amazon S3 buckets, that are leaking data without any authentication layer. The sheer volume and sensitivity of the data he uncovers are consistently shocking, revealing a widespread failure in basic data governance across various industries.

1. The Archer Health PII Exposure (150,000 Records)

In one of the most significant healthcare-related discoveries of 2025, Fowler identified an exposed database belonging to Archer Health. The leak involved approximately 150,000 records, totaling 23.7 GB of sensitive data. This type of breach is particularly concerning because it constitutes a potential violation of HIPAA (Health Insurance Portability and Accountability Act), as it involved patient data. The exposed information included PII and potentially Protected Health Information (PHI), leading to an official report to the HHS (U.S. Department of Health and Human Services) in December 2025. The incident underscores the severe consequences of neglecting cloud security in the medical sector.

2. Massive Unsecured Database with 184 Million Records

In a separate, large-scale incident reported in mid-2025, Fowler discovered an exposed Elasticsearch environment containing a staggering 184 million records. The database occupied 47 gigabytes of storage space and was readily available online without any password or encryption. While the specific identity of the owner was not immediately disclosed, the nature of the data—which included millions of login credentials—posed an enormous risk for identity theft and account takeover attacks. This discovery highlights the peril of unsecured data lakes.

3. Leaky ServiceBridge Database (31 Million Documents)

Another major finding involved a database associated with ServiceBridge, a field service management software company. Fowler's research uncovered an unsecured database exposing approximately 31 million documents. The information included a vast amount of operational and customer data, demonstrating how third-party vendors and SaaS providers can become significant points of failure in a company's security posture. The diligent reporting by Fowler allowed the company to secure the data quickly.

4. AI Generator Tool Exposes Over a Million Images

The rise of AI tools has introduced new security challenges, as demonstrated by Fowler's discovery concerning a popular AI image generator. He uncovered a data leak that exposed over one million generated images. Crucially, the leak included sensitive images, some of which were personal or even explicit, alongside user metadata. This incident raised serious questions about the privacy policies and data retention practices of nascent AI services, particularly those dealing with user-uploaded or generated content.

5. Financial Data Leak at Navy FCU

Earlier in the year, Fowler was credited with uncovering a data breach at Navy Federal Credit Union (Navy FCU), one of the largest credit unions in the United States. While the exact number of records was not immediately published, the breach at the $180 billion financial institution was significant due to the highly sensitive nature of financial customer data. Discoveries like this emphasize that even major, well-established financial institutions are not immune to the vulnerabilities of misconfigured storage and the need for constant security audits.

The Critical Role of Security Discovery in Modern Cyber Defense

The continuous stream of data breach reports from Jeremiah Fowler and his team at Security Discovery serves as a vital public service. Their work focuses on the most common yet most dangerous vulnerability: the human error of leaving a database open to the public internet.

Understanding the "No Need to Hack" Phenomenon

Fowler’s discoveries often illustrate the concept that "no need to hack when it's leaking." Malicious actors (or "black hat" hackers) often don't need sophisticated zero-day exploits; they simply scan the internet for databases that have no password protection or encryption. This form of exposure, known as an *unsecured database* or a *cloud misconfiguration*, is a fundamental failure in basic security hygiene. The data uncovered by Fowler is often *fresh*—not old or legacy data—meaning the exposure is current and highly relevant to immediate security threats.

Topical Authority and LSI Keywords

Fowler's reports consistently involve entities and concepts critical to modern cybersecurity discussions:

• Cloud Misconfigurations: The root cause of nearly all his findings, specifically involving services like Amazon S3, Elasticsearch, and MongoDB.
• Personally Identifiable Information (PII): The primary type of exposed data, including names, addresses, emails, and login credentials.
• Data Governance: The failure of companies to implement proper policies for data storage, retention, and access control.
• Responsible Disclosure: Fowler’s ethical practice of notifying companies privately before making a public report, giving them time to secure the data.
• HIPAA Compliance: A major entity in his healthcare-related breach reports, highlighting regulatory failures.

The recurring theme in all of Jeremiah Fowler's work is the absolute necessity of rigorous, proactive security checks. As data volumes grow and cloud infrastructure becomes more complex, the risk of accidental public data exposure only increases. His 2025 findings are a clear call to action for every organization to treat data security not as an IT task, but as a core business imperative.