What happened with Screen Technologies LLC (Rockerbox.tech)?

Screen Technologies LLC, operating as Rockerbox.tech, a Dallas-based tax credit consulting firm, was found to be leaking customer data through an unprotected publicly accessible database. The security issue was discovered by cybersecurity researcher Jeremiah Fowler.

How much data was exposed in the Rockerbox database leak?

The unprotected database contained 245,949 records totaling 286.9 GB of highly sensitive personal and financial information belonging to the company's clients.

What types of personal information were exposed?

The exposed data included names, physical addresses, email addresses, dates of birth, and Social Security numbers in plain text, along with driver's licenses, identification cards, and Social Security number cards.

What employment and financial documents were leaked?

The database exposed Work Opportunity Tax Credit documents containing employment and salary information, determination letters with eligibility decisions, employment tax credit forms, internal tracking documents, and company information including employer EIN tax identification numbers.

Were military documents included in the data breach?

Yes, the exposed data included DD214 forms (Certificates of Release or Discharge from Active Duty) issued by the U.S. Department of Defense and military discharge papers containing rank, pay, and personal information.

How many individuals were affected by the breach?

The total number of affected individuals is not disclosed apart from the total number of records (245,949). It's not clear whether one record amounts to one individual.

How did Rockerbox respond to the disclosure?

Rockerbox did not reply to the responsible disclosure notice from the researcher. However, the database was restricted from public access several days after the notification was sent.

Incident

Rockerbox tax credit consultancy leaks 245 K client records

Q: How was the security issue discovered and reported?

Cybersecurity researcher Jeremiah Fowler discovered the unprotected database and sent a responsible disclosure notice to Rockerbox alerting them to the security issue. The database was restricted from public access several days later.

Q: What remains unknown about the Rockerbox data exposure?

It's not clear whether the database was owned and managed directly by Rockerbox or by a third-party contractor, how long the database was exposed before discovery, or if any other unauthorized parties gained access to the information.

published: July 10, 2025

Learn More

Screen Technologies LLC, operating as Rockerbox.tech, a Dallas-based tax credit consulting firm, was found to be leaking customer data by the cybersecurity researcher Jeremiah Fowler.

Rockerbox is a tax credit consulting company that helps businesses across the United States identify and manage employer-focused tax incentives through programs including the Work Opportunity Tax Credit (WOTC), Employee Retention Tax Credit (ERTC), R&D credits, and Empowerment Zone credits.

Fowler discovered an unprotected publicly accessible database containing highly sensitive personal and financial information belonging to the company's clients. The database exposed 245,949 records totaling 286.9 GB of data.

The exposed data includes:

Names, physical addresses, email addresses, dates of birth, and Social Security numbers in plain text
Driver's licenses and identification cards
Social Security number cards
Work Opportunity Tax Credit documents containing employment and salary information
Determination letters with acceptance or denial of eligibility decisions
DD214 forms (Certificates of Release or Discharge from Active Duty) issued by the U.S. Department of Defense
Employment tax credit forms and internal tracking documents
Company and employee information including employer EIN tax identification numbers
Military discharge papers containing rank, pay, and personal information

The total number of affected individuals is not disclosed apart from the total number of records. It's not clear whether one record amounts to one individual. Also it's not clear whether the database was owned and managed directly by Rockerbox or by a third-party contractor, how long the database was exposed before discovery, or if any other unauthorized parties gained access to the information.

Fowler sent a responsible disclosure notice to Rockerbox alerting them to the security issue. The database was restricted from public access several days later. Rockerbox did not reply to the disclosure.

Rockerbox tax credit consultancy leaks 245 K client records

Read More
Triage Staffing reports third party data breach exposing …
Southern Graphics Inc. reports data breach exposing data …
Arbor Associates reports data breach exposing patient information
Akira ramsomware gang claims breach of Wakefield & …
Healthcare tech company Veradigm data breach exposed patient …