Lost & Found tracking site hit by major data breach - over 800,000 could be affected

A graphic showing fleet tracking locations over a city.

(Image credit: Shutterstock / Ekaphon maneechot)

A travel tracking software firm has suffered a data breach
The researcher discovered 10 open Lost & Found databases
Over 800,000 Lost & Found customers could be exposed

A dataset containing 820,750 records totaling 122GB has been discovered online, most likely belonging to German tracking software firm Lost & Found, which primarily services the aviation industry.

As revealed by security researcher, Jeremiah Fowler, this was in an unprotected and publicly exposed dataset of 14 databases in total, 10 that were accessible and 4 that were restricted. Within these, the researcher found shipping labels, lost item reports, and screenshots, ranging from personal electronics, wallets, bags, medical devices, and other personal effects travelers often take on flights.

That’s not all though, as a number of personally identifiable documents were also included, such as passport scans, drivers licenses, employment documents, and more. The researcher suggests these could either be lost and uploaded by airport staff, or used to file claims and identify ownership of lost documents.

Customers at risk

Once a disclosure notice was sent, the databases were restricted “within hours”. It’s not yet known whether the databases were owned and managed directly by Lost & Found, or if a third-party contractor had control. It’s also unclear how long the dataset was exposed, or if threat actors accessed the information.

Since there is a possibility that the information was accessed by threat actors, this leaves anyone exposed in the breach at risk. Since IDs and passports were included, this means the primary risk is identity theft, as criminals could use these scans to apply for loans, credit cards, or bank accounts.

To protect against this, anyone concerned they may be affected should closely monitor their account, transactions, and statements, and immediately report any suspicious activity to their bank.

Alongside this, be vigilant against any social engineering attacks by carefully inspecting any unexpected communications you receive from unknown sources - especially those prompting action.

Check out our list of the best firewall software around today
Top IVF firm says hackers accessed private data during cyber incident
We've also rounded up the best malware removal software on offer right now

Ellen has been writing for almost four years, with a focus on post-COVID policy whilst studying for BA Politics and International Relations at the University of Cardiff, followed by an MA in Political Communication. Before joining TechRadar Pro as a Junior Writer, she worked for Future Publishing’s MVC content team, working with merchants and retailers to upload content.