Two Decades of Triangle Insurance Documents Exposed Publicly

The server was insecure for years, containing over 500,000 documents and decades worth of claims, email backups and more.

At the start of May 2025, while researching exposed cloud storage servers, I noticed one exposing Insurance documents from the United States.

Some of the documents I saw included:

• Email backups

• Policy changes

• Insurance claims: Work injuries, Healthcare, and Car accident claims - full reports attached, such as medical documents, pictures of the vehicles, etc.

Examples of the exposed documents on the server.

The server contained a total of 571,623 files exposed at the time of listing.

Files were split into subdirectories for each month and year; two decades of documents from the end of 2006 to the day I listed the files in April 2025 were exposed.

Count per year:

Text within this block will maintain its original spacing when published

2006 - 29
2007 - 6,155
2008 - 8,355
2009 - 12,647
2010 - 11,635
2011 - 12,007
2012 - 10,125
2013 - 47,666
2014 - 26,668
2015 - 29,692
2016 - 37,497
2017 - 48,529
2018 - 42,167
2019 - 41,136
2020 - 37,556
2021 - 39,583
2022 - 45,019
2023 - 47,772
2024 - 50,666
2025 - 16,719

The files seemed to point to an Insurance Company in the United States, https://www.triangleins.com, so I looked for some contacts to notify.

Notifying Triangle Insurance

On May 8th, 2025, I sent an email to multiple execs at Triangle Insurance.

Screenshot of the initial email sent to Triangle Insurance notifying them of the issue.

The email didn’t seem to have been read, or was dismissed as spam, and four days later, I still had no reply, and the data was still exposed.

I decided to ask @PogoWasRight from https://databreaches.net for some help.

On May 12th, she emailed the company and then called them to follow up. The call wasn’t picked up, so she left a voicemail, and they returned the call.

On May 13th, the exposure was fixed. A day later, the Triangle Insurance Chief Operating Officer sent me an email.

The email thanked me for the notification and for following up with databreaches.net, as email filters caught my initial email. They confirmed the exposure was fixed and asked me to delete any data that I might have accessed.

I replied to the email with more information, such as when the server first showed exposed in my logs, which was July 2021. I also asked about the intent regarding notifications to affected individuals.

I was told the company is working with its software vendor to investigate the issue fully and has notified its domicile regulator. They also may expand the notice, if necessary, based on their findings.

Text within this block will maintain its original spacing when published

If you’re interested in more incidents I dealt with, you can check all my public finds indexed by country on the post below:

The Hub of Stupi... *misconfigs Index