Security Researcher Jeremiah Fowler in cooperation with the WebsitePlanet research team discovered a non-password protected database that contained 92 million records. Upon further investigation it appeared to belong to the Cronin digital marketing agency. The exposed server was named “Cronin-Main” and many of the records contained references to Cronin. These records included internal data such as employee and client information. Also included in the dataset was a “Master Mailing List” with direct physical names, addresses, Salesforce IDs, phone numbers, and references to where the leads came from.
The Connecticut based agency has some very well known clients listed on their website. According to Cronin’s website they are “digitally driven, results-focused marketing agency that’s propelled by technology. Client focus: financial, healthcare & consumer products/services”. In a press release dated March 16, 2020, Horizon Group of North America has acquired Cronin, Connecticut’s largest independent full-service marketing agency. Their clients list includes companies such as Dunkin, Lego, Henkel, Loctite to mention a few