- A travel tracking software company has suffered a data breach
- The researcher discovered 10 Lost & Found databases
- More than 800,000 Lost & Found customers could be exposed
A data set containing 820,750 records totaling 122 GB, most likely belonging to the German tracking software firm Lost & Found, which mainly serves the aviation industry, has been discovered online.
As revealed by security researcher Jeremiah Fowler, the records were part of an unprotected and publicly exposed set of 14 databases in total, 10 of which were accessible and 4 of which were restricted. Among these, the researcher found shipping labels, reports of lost items and screenshots, covering personal electronics, wallets, bags, medical devices and other personal effects that travelers often take on flights.
That is not all, however: several personal identification documents were also included, such as passport scans, driving licenses, employment documents and more. The researcher suggests that these could have been lost and uploaded by airport staff, or used to submit claims and identify ownership of lost documents.
Customers at risk
Once a disclosure notice was sent, the databases were restricted “in a matter of hours.” It is not yet known whether the databases were owned and managed directly by Lost & Found, or whether a third-party contractor had control. Nor is it clear how long the data set was exposed, or whether threat actors accessed the information.
Because threat actors may have accessed the information, anyone exposed in the breach is at risk. Since IDs and passports were included, the main risk is identity theft: criminals could use these scans to apply for loans, credit cards or bank accounts.
To protect against this, anyone concerned that they may be affected must closely monitor their accounts, transactions and statements, and immediately report any suspicious activity to their bank.
Along with this, stay alert to social engineering attacks by carefully inspecting any unexpected communication that you receive from unknown sources, especially messages that request action.