A major data security lapse by Income Property Investments Inc., a California-based real estate firm, left over 170,000 confidential records accessible on an unprotected server. The exposed information included names, Social Security numbers, birthdates, addresses, employment records, medical details, and even police reports and surveillance footage.

The breach affects both hotel guests and employees across multiple states, with properties including Motel 6 linked to the dataset. Cybersecurity researcher discovered the vulnerability and reported it, prompting the company to quickly secure the server—though without public acknowledgment.

Potential Risks:

• Identity Theft: With access to full personal identifiers, malicious actors could commit financial fraud or open accounts in victims’ names.
• Privacy Violations: Sensitive employee incidents, medical results, and arrest records could lead to reputational harm or legal complications.
• Corporate Liability: The inclusion of surveillance and internal HR documents raises questions about legal compliance and data handling protocols.
• Operational Exposure: Leaked internal documents might offer insights into company operations, potentially exploited by competitors or hostile entities.

The full extent of the damage is unknown, and affected individuals may not have been informed their data was compromised.