Massive Data Exposure: 2.7M U.S. Patient Profiles Leaked in Unsecured MongoDB Breach A misconfigured MongoDB database, linked to U.S.-based dental marketing firm Gargle, exposed 2.7 million patient profiles and 8.8 million appointment records, according to researchers at Cybernews. The unsecured database—since secured—contained sensitive personal data, including names, birthdates, addresses, phone numbers, emails, gender, language preferences, chart IDs, and billing details, as well as appointment timestamps, patient metadata, and institutional references. Investigators suspect the leak originated from third-party service-linked infrastructure, raising concerns about supply chain vulnerabilities. The exposed data poses significant risks, including identity theft, insurance fraud, phishing, and social engineering attacks. Under the Health Insurance Portability and Accountability Act (HIPAA), Gargle is required to notify affected individuals, though no official confirmation of such notifications has been reported. The incident underscores the persistent threat of misconfigured cloud databases, which remain a leading cause of large-scale data exposures. No evidence of malicious access has been disclosed, but the scale of the leak highlights the potential for long-term misuse of compromised medical and personal records.