Massive Data Breach Exposes 40 Billion Records From Marketing Platform

A staggering 40 billion records containing sensitive customer data were exposed in an unencrypted, non-password-protected database belonging to Netcore Cloud Pvt. Ltd, an India-based marketing services company. Cybersecurity researcher Jeremiah Fowler discovered the 13-terabyte breach on October 28, 2025.

The security lapse potentially compromised confidential information including email addresses, partial account numbers, IP addresses, banking notifications, and healthcare data. While Netcore secured the database the same day they were notified, it remains unclear how long the information was accessible or whether malicious actors obtained the data before restrictions were implemented.

Scope and content of the exposed data

The massive breach involved approximately 40 billion records stored on an unsecured database linked to Netcore Cloud, which provides email marketing and customer engagement services to businesses globally. According to Fowler's findings, the exposed database contained numerous files marked as "confidential" that included:

• Mail log records containing communication details
• Banking notifications with partial account information
• Healthcare information of unknown scope
• Email addresses (both personal and professional)
• IP addresses that could identify user locations
• Various customer relationship data

The size of the breach—13 terabytes—makes it one of the larger data exposures discovered in recent years. Particularly concerning was the complete lack of basic security measures, as the database had neither encryption nor password protection.

"The exposure of billions of digital messaging records has numerous potential risks that go far deeper than unwanted spam messages," Fowler explained in his report. He emphasized that beyond immediate privacy concerns, the exposed information "could provide criminals with a better understanding of the business, customer, or banking relationships that an individual has."

This incident highlights the critical importance of implementing comprehensive data security protocols at every level of organizational operations, especially for companies handling vast amounts of sensitive information.

Response and remediation

Upon discovering the unsecured database, Fowler followed responsible disclosure protocols by immediately contacting Netcore Cloud. According to Security Magazine's report, the company responded promptly by:

1. Restricting access to the database the same day they received notification
2. Expressing gratitude to Fowler for reporting the vulnerability
3. Requesting additional information about the exposure to guide their investigation

This swift response likely limited the potential damage, though key questions remain unanswered. Most critically, investigators have not determined how long the database remained exposed before discovery or whether any unauthorized parties accessed the information during that period.

Organizations experiencing similar incidents should conduct thorough forensic analyses to determine the full scope of exposure and implement enhanced security measures to prevent future data breaches from occurring.

Potential impact and risks

The implications of this breach extend far beyond Netcore itself, potentially affecting millions of individuals whose information was stored in the database. Security experts highlight several concerning aspects of this exposure:

Fowler warned that the records "could reveal sensitive personal and financial data that could be used by criminals for targeted phishing attempts." Such personalized attacks have proven highly effective, as they leverage legitimate-appearing information to trick recipients.

The exposure of banking notifications and partial account numbers creates heightened risk for financial fraud. Criminals could potentially use this information to craft convincing impersonation schemes targeting financial institutions or their customers.

Healthcare information, which may include protected health information (PHI) under various regulations, presents both privacy and compliance concerns. Organizations responsible for such data typically face stringent requirements regarding security safeguards.

The international dimension adds complexity, as Netcore's India-based operations likely contain data from customers worldwide, potentially triggering various regulatory frameworks and notification requirements.

According to the Identity Theft Resource Center, data breaches involving multiple data types significantly increase the risk of identity theft and financial fraud for affected individuals.

Regulatory consequences

Organizations that fail to adequately protect sensitive customer data face increasingly severe regulatory penalties. Depending on the geographic scope of affected individuals, Netcore may face scrutiny under various data protection frameworks including GDPR (Europe), CCPA (California), and India's Personal Data Protection Bill.

These regulations typically require prompt notification to affected individuals and can impose substantial financial penalties for security lapses. The lack of basic security measures such as encryption and password protection may be viewed particularly negatively by regulatory authorities investigating the incident.

Industry implications

This breach serves as a sobering reminder for companies in the marketing technology sector about the substantial responsibilities associated with data collection. As businesses increasingly rely on third-party services to manage customer communications and data, thorough security vetting of such partnerships becomes essential for protecting sensitive business information throughout the supply chain.

How to protect yourself from data breach fallout

If you're concerned your information might have been exposed in this breach, consider taking these protective measures:

• Monitor your accounts for suspicious activity, particularly focusing on financial statements and unexpected communications
• Implement multi-factor authentication on all sensitive accounts to prevent unauthorized access even if credentials are compromised
• Be especially vigilant about phishing attempts that may reference legitimate organizations or partial account information
• Consider placing credit freezes or fraud alerts with major credit bureaus if you have reason to believe your financial information was exposed

Taking immediate protective action is crucial, as cybercriminals often move quickly to exploit newly exposed data before affected individuals can implement security measures.

Broader implications for data security

This incident highlights persistent challenges in corporate data security practices. Despite increasing regulatory pressure and high-profile breaches, basic security measures like encryption and password protection remain inconsistently implemented.

As organizations continue to collect vast amounts of customer data for marketing and operational purposes, the potential impact of security lapses grows exponentially. The Netcore incident demonstrates how a single unsecured database can expose billions of records containing sensitive information across multiple sectors.

With data breach notification laws varying globally, affected individuals may not receive timely alerts about potential exposure of their information. This underscores the importance of proactive personal security measures regardless of whether you've been formally notified of involvement in a breach.

The incident serves as a reminder that data security requires continuous vigilance, particularly as organizations increasingly rely on cloud-based storage and third-party marketing services to manage customer relationships.

Security best practices for organizations

Organizations handling sensitive customer data should implement a multi-layered security approach including:

• Regular security audits and vulnerability assessments
• Encryption for all sensitive data both in transit and at rest
• Access controls based on the principle of least privilege
• Employee security awareness training focused on emerging threats
• Incident response plans that enable rapid containment and notification

Proactive security measures are substantially more cost-effective than addressing the aftermath of a major breach, which often includes regulatory penalties, litigation, remediation costs, and significant reputational damage.