There are several possible scenarios:
Disable directory listing in your server settings (e.g., via in Apache or autoindex off in Nginx). Move backup files to a secure, non-public directory. Index Of Database.sql.zip1
But first, (on an air-gapped machine) for forensic analysis. You need to know how old the leak is. non-public directory. But first
If you want, I can: