Lost & Found tracking site hit by major data breach - over 800,000 could be affected

A graphic showing fleet tracking locations over a city.
(Image credit: Shutterstock / Ekaphon maneechot)

  • A travel tracking software firm has suffered a data breach
  • The researcher discovered 10 open Lost & Found databases
  • Over 800,000 Lost & Found customers could be exposed

A dataset containing 820,750 records totaling 122GB has been discovered online, most likely belonging to German tracking software firm Lost & Found, which primarily services the aviation industry.

As revealed by security researcher, Jeremiah Fowler, this was in an unprotected and publicly exposed dataset of 14 databases in total, 10 that were accessible and 4 that were restricted. Within these, the researcher found shipping labels, lost item reports, and screenshots, ranging from personal electronics, wallets, bags, medical devices, and other personal effects travelers often take on flights.

That’s not all though, as a number of personally identifiable documents were also included, such as passport scans, drivers licenses, employment documents, and more. The researcher suggests these could either be lost and uploaded by airport staff, or used to file claims and identify ownership of lost documents.

Customers at risk

Once a disclosure notice was sent, the databases were restricted “within hours”. It’s not yet known whether the databases were owned and managed directly by Lost & Found, or if a third-party contractor had control. It’s also unclear how long the dataset was exposed, or if threat actors accessed the information.

Since there is a possibility that the information was accessed by threat actors, this leaves anyone exposed in the breach at risk. Since IDs and passports were included, this means the primary risk is identity theft, as criminals could use these scans to apply for loans, credit cards, or bank accounts.

To protect against this, anyone concerned they may be affected should closely monitor their account, transactions, and statements, and immediately report any suspicious activity to their bank.

Alongside this, be vigilant against any social engineering attacks by carefully inspecting any unexpected communications you receive from unknown sources - especially those prompting action.

You might also like

Ellen Jennings-Trace
Staff Writer

Ellen has been writing for almost four years, with a focus on post-COVID policy whilst studying for BA Politics and International Relations at the University of Cardiff, followed by an MA in Political Communication. Before joining TechRadar Pro as a Junior Writer, she worked for Future Publishing’s MVC content team, working with merchants and retailers to upload content.

You must confirm your public display name before commenting

Please logout and then login again, you will then be prompted to enter your display name.

Read more
Representational image of data security
Travel data of almost 500,000 users exposed in Daytrip leak
A man looking at a tablet with a brown Best Buy package on the desk in front of him
Huge Christmas data breach - 14 million shipping records leaked, putting shoppers at risk
Suitcase next to a bed in a hotel
Millions of hotel users see personal info checked out in huge data leak
healthcare
Over a million clinical records exposed in data breach
Someone holding a passport with two boarding passes inside it
Top digital loan firm security slip-up puts data of 36 million users at risk
Security padlock and circuit board to protect data
Foh&Boh data leak leaves millions of CVs exposed - KFS, Taco Bell, Nordstrom applicants at risk
Latest in Security
Lock on Laptop Screen
Data breach at Pennsylvania education union potentially exposes 500,000 victims
An American flag flying outside the US Capitol building against a blue sky
Five Eyes "cannot replace US intel in Ukraine", claims former US Cyber Command Chief
Pirate skull cyber attack digital technology flag cyber on on computer CPU in background. Darknet and cybercrime banner cyberattack and espionage concept illustration.
Criminals are using a virtual hard disk image file to host and distribute dangerous malware
WordPress on a laptop
Over 20,000 WordPress sites hit by damaging malware campaign
Trojan
WhatsApp patches security flaw which let hackers install spyware
A man holds a smartphone iPhone screen showing various social media apps including YouTube, TikTok, Facebook, Threads, Instagram and X
A worrying Apple Password App vulnerability reportedly left users exposed for months
Latest in News
Quordle on a smartphone held in a hand
Quordle hints and answers for Friday, March 21 (game #1152)
NYT Strands homescreen on a mobile phone screen, on a light blue background
NYT Strands hints and answers for Friday, March 21 (game #383)
NYT Connections homescreen on a phone, on a purple background
NYT Connections hints and answers for Friday, March 21 (game #649)
The ASSC Assassin's Creed collection.
The Assassin's Creed x Anti Social Social Club drop includes gaming merch that I wouldn't be embarrassed to wear
Lock on Laptop Screen
Data breach at Pennsylvania education union potentially exposes 500,000 victims
Boston Dynamics all electric Altas
This robot can do a cartwheel better than me and now I'm freaking out – but in a good way