Lost & Found tracking site hit by major data breach - over 800,000 could be affected

News
By published

German tracking and returns service hit by breach

A graphic showing fleet tracking locations over a city.
(Image credit: Shutterstock / Ekaphon maneechot)
  • A travel tracking software firm has suffered a data breach
  • The researcher discovered 10 open Lost & Found databases
  • Over 800,000 Lost & Found customers could be exposed

A dataset containing 820,750 records totaling 122GB has been discovered online, most likely belonging to German tracking software firm Lost & Found, which primarily services the aviation industry.

As revealed by security researcher, Jeremiah Fowler, this was in an unprotected and publicly exposed dataset of 14 databases in total, 10 that were accessible and 4 that were restricted. Within these, the researcher found shipping labels, lost item reports, and screenshots, ranging from personal electronics, wallets, bags, medical devices, and other personal effects travelers often take on flights.

That’s not all though, as a number of personally identifiable documents were also included, such as passport scans, drivers licenses, employment documents, and more. The researcher suggests these could either be lost and uploaded by airport staff, or used to file claims and identify ownership of lost documents.

Customers at risk

Once a disclosure notice was sent, the databases were restricted “within hours”. It’s not yet known whether the databases were owned and managed directly by Lost & Found, or if a third-party contractor had control. It’s also unclear how long the dataset was exposed, or if threat actors accessed the information.

Since there is a possibility that the information was accessed by threat actors, this leaves anyone exposed in the breach at risk. Since IDs and passports were included, this means the primary risk is identity theft, as criminals could use these scans to apply for loans, credit cards, or bank accounts.

To protect against this, anyone concerned they may be affected should closely monitor their account, transactions, and statements, and immediately report any suspicious activity to their bank.

Alongside this, be vigilant against any social engineering attacks by carefully inspecting any unexpected communications you receive from unknown sources - especially those prompting action.

You might also like

Ellen Jennings-Trace
Ellen Jennings-Trace
Staff Writer

Ellen has been writing for almost four years, with a focus on post-COVID policy whilst studying for BA Politics and International Relations at the University of Cardiff, followed by an MA in Political Communication. Before joining TechRadar Pro as a Junior Writer, she worked for Future Publishing’s MVC content team, working with merchants and retailers to upload content.

You must confirm your public display name before commenting

Please logout and then login again, you will then be prompted to enter your display name.