Overview
Severity: CRITICAL | Affected: VerbalizeAI | Category: breach
VerbalizeAI, a popular AI-powered transcription service for enterprise clients, has confirmed a massive data breach affecting over 15 million customer audio recordings and their corresponding transcripts. The breach was caused by a misconfigured cloud storage bucket that was left publicly accessible for several months. The exposed data includes sensitive conversations from medical consultations, legal depositions, and confidential corporate meetings. Security researchers who discovered the leak found that the data was not encrypted at rest. VerbalizeAI is now facing multiple class-action lawsuits and regulatory scrutiny under GDPR and CCPA. The incident underscores the critical need for stringent data security hygiene, especially for AI companies handling vast amounts of sensitive, unstructured data. The company has since secured the bucket and is notifying affected customers.