Two Decades of Triangle Insurance Documents Exposed Publicly
The server was insecure for years, containing over 500,000 documents and decades worth of claims, email backups and more.
At the start of May 2025, while researching exposed cloud storage servers, I noticed one exposing Insurance documents from the United States.
Some of the documents I saw included:
Email backups
Policy changes
Insurance claims: Work injuries, Healthcare, and Car accident claims - full reports attached, such as medical documents, pictures of the vehicles, etc.





The server contained a total of 571,623 files exposed at the time of listing.
Files were split into subdirectories for each month and year; two decades of documents from the end of 2006 to the day I listed the files in April 2025 were exposed.
Count per year:
2006 - 29 2007 - 6,155 2008 - 8,355 2009 - 12,647 2010 - 11,635 2011 - 12,007 2012 - 10,125 2013 - 47,666 2014 - 26,668 2015 - 29,692 2016 - 37,497 2017 - 48,529 2018 - 42,167 2019 - 41,136 2020 - 37,556 2021 - 39,583 2022 - 45,019 2023 - 47,772 2024 - 50,666 2025 - 16,719
The files seemed to point to an Insurance Company in the United States, https://www.triangleins.com, so I looked for some contacts to notify.
Notifying Triangle Insurance
On May 8th, 2025, I sent an email to multiple execs at Triangle Insurance.
The email didn’t seem to have been read, or was dismissed as spam, and four days later, I still had no reply, and the data was still exposed.
I decided to ask @PogoWasRight from https://databreaches.net for some help.
On May 12th, she emailed the company and then called them to follow up. The call wasn’t picked up, so she left a voicemail, and they returned the call.
On May 13th, the exposure was fixed. A day later, the Triangle Insurance Chief Operating Officer sent me an email.
The email thanked me for the notification and for following up with databreaches.net, as email filters caught my initial email. They confirmed the exposure was fixed and asked me to delete any data that I might have accessed.
I replied to the email with more information, such as when the server first showed exposed in my logs, which was July 2021. I also asked about the intent regarding notifications to affected individuals.
I was told the company is working with its software vendor to investigate the issue fully and has notified its domicile regulator. They also may expand the notice, if necessary, based on their findings.
If you’re interested in more incidents I dealt with, you can check all my public finds indexed by country on the post below: