This post is also available in:
עברית (Hebrew)
A recent cybersecurity discovery has revealed a major data leak that could have serious consequences for travelers worldwide. Fourteen publicly exposed databases containing over 820,000 sensitive records, totaling 122GB of personal information, were found online. The data, which was linked to lost luggage management systems used by airports across the US, Canada, and Europe, exposed travelers to the risk of identity theft and other cybercrimes.
The leaked information, discovered by cybersecurity researcher Jeremiah Fowler, includes a range of personal details such as payment confirmations, original receipts, images of lost items, and, more concerningly, high-resolution images of critical documents like passports, driver’s licenses, and employment records. These records were part of a tracking system used by a German company to manage lost and found items at various airports. The database was not protected by passwords or encryption, making it accessible to anyone with the right knowledge.
The data breach could provide cybercriminals with everything they need to commit identity fraud. Personal identifiers like passports and driver’s licenses can be used to open bank accounts, forge official documents, or even sell stolen identities on the dark web.
The exposure of this information also increases the potential for sophisticated phishing scams. Cybercriminals could exploit insider knowledge of lost items to pose as airport or lost and found employees, tricking victims into sharing more personal or financial details under the guise of verifying lost property.
In response to the discovery, the company behind the software secured the databases within hours of being notified. However, the breach highlights the importance of safeguarding sensitive data with encryption and strong access control measures. Fowler advises organizations to avoid using predictable naming conventions for their databases, as this can expose them to automated attacks.
This breach serves as a stark reminder of the cybersecurity risks associated with handling sensitive data and underscores the need for better protection strategies in industries that deal with personal information.
