Data Breach at UK-Based Workforce Management Platform Exposes 1.1 TB of Sensitive Information

An unsecured server belonging to Logezy, a UK-based workforce management and staffing solution, has exposed a trove of sensitive documents online, including IDs, contracts, and financial records. The breach, discovered by cybersecurity researchers at vpnMentor, highlights the risks businesses face by misconfigured cloud-based storage solutions.

What Happened?

In April 2025, cybersecurity researcher Jeremiah Fowler discovered an unprotected database with 7,975,438 files measuring a combined 1.1 TB connected to Logezy. Although the company quickly secured the server after it was contacted, the breach remained open and accessible without authentication at the time of discovery, putting sensitive data at risk of theft, fraud, and other abuse.

“Although the records belonged to Logezy, it is not known if the database was owned and managed directly by them or by a third-party contractor,” Fowler’s report reads. “It is also not known how long the database was exposed before I discovered it or if anyone else may have gained access to it. Only an internal forensic audit could identify additional access or potentially suspicious activity.”

What Information Was Exposed?

The database contained highly sensitive personal and employment data in PDF and image formats, including:

• National Insurance numbers
• IDs, Passports, driver’s licenses and residence documents
• Employment contracts and electronic signatures
• Work authorization documents and user images
• Recruitment data and background checks

“The database also contained 656 directory entries indicating different companies, most of which were healthcare providers, recruiting agencies, or temporary employment services,” Fowler said.

The files dated as far back as 2014, indicating a long-term accumulation of sensitive documents stored without adequate protection.

Risks and Potential Consequences

The level of data exposed in this breach poses serious threats, including:

• Identity theft: Attackers could use ID documents and National Insurance numbers to impersonate individuals.
• Employment fraud: Criminals might falsify or forge employment records.
• Financial fraud: Payroll data and bank details could be used for phishing or unauthorized transactions.

What Can You Do?

If you suspect your information may have been exposed:

• Monitor your bank accounts and credit reports for suspicious activity.
• Watch for phishing emails or text messages that use personal details.
• Contact your employer to confirm whether Logezy was used for payroll or HR services.
• Consider using identity theft protection or a digital identity monitoring tool like Bitdefender Digital Identity Protection.