Lost object tracking site suffers a significant data breach.

A data breach has been reported at a travel tracking company, exposing information from a large number of clients. Investigator Jeremiah Fowler discovered an online dataset containing approximately 820,750 records, totaling 122GB. This dataset appears to belong to the German company Lost & Found, which specializes in the aviation industry.

The researcher found that the data was hosted in a collection of 14 databases, of which 10 were publicly accessible and 4 were restricted. Within these databases, there were shipping labels, lost item reports, and screenshots that included personal items such as electronic devices, wallets, luggage, and medical items commonly carried by travelers on their flights.

Additionally, the dataset included a variety of documents that could be used to identify individuals, such as scans of passports, driver's licenses, and employment documents. It is suggested that these documents may have been lost and uploaded by airport staff, or used to file claims and verify ownership of lost items.

Following the notification of the potential data exposure, the databases were restricted within hours. However, there is still uncertainty about whether these databases were managed directly by Lost & Found or if an external contractor had control. It is also unknown how long the information was exposed or if any malicious actors accessed it.

The inclusion of IDs and passports in the dataset poses a significant risk of identity theft, as criminals could use this information to apply for loans, credit cards, or open bank accounts. Individuals who may be affected are advised to closely monitor their accounts, transactions, and financial statements, reporting any suspicious activity to their bank immediately. They are also recommended to remain vigilant against potential social engineering attacks, carefully examining any unexpected communication from unknown sources, especially those requesting any action.