- CyberNews researchers find an unknown Mongodb database that contains millions of records and dental appointments
- Most likely it belonged to a “Dental Marketing Specialist” agency
- Users must be on guard against possible attacks
A massive database that contained personal identification information and other records that belong to millions of American citizens sat without protection on the Internet, easily obtained for anyone who knew where to look for, experts have warned.
Cybersecurity researchers in Cybernews He discovered the file at the end of March 2025, finding that it contained approximately 2.7 million patient profiles and 8.8 million appointment records.
The data included the names of people, birth dates, emails, postal addresses, telephone numbers, gender information, table identifications, language preferences, billing details and dating records (including patient metadata, time brand and institutional references).
Gargle
Cybernews could not confirm its owner, but says that “clues buried in the database” point to Gargy, a digital marketing company that describes itself as “specialists in dental marketing”, which offer services such as design of websites, SEO, content marketing, PPC management and advertisement creation.
“While it is not a medical care provider itself, Gargy’s business model is based on managing the patient -oriented infrastructure and, in this case, possibly patient data,” Cybernews explained.
Other details are scarce: it is not known if Gargy really handled the database or if a third party did. Nor do we know how long the file remained unlocked, and if a malicious actor found him before Cybernews, although we do know that it was blocked the same day it was discovered.
Uncommable databases remain one of the most common causes of data leaks. Many security researchers warn that organizations do not understand that cloud security works in a shared responsibility model.
