Lost & Found Data Breach Exposes 800,000 Customers

  • Over 800,000 Lost & Found customers' personal data exposed
  • Data includes passport scans, drivers' licenses, and employment documents
  • Breach discovered by security researcher Jeremiah Fowler
  • Databases were restricted within hours of disclosure notice
  • Customers at risk of identity theft
  • Individuals should monitor accounts and report suspicious activity
  • Be cautious of social engineering attacks

Data Breach Details

A dataset of 820,750 records totaling 122GB, belonging to German tracking software firm Lost & Found, which primarily services the aviation industry, has been discovered online. The breach was discovered by security researcher Jeremiah Fowler, who found 10 open Lost & Found databases containing shipping labels, lost item reports, and screenshots of personal electronics, wallets, bags, medical devices, and other personal effects travelers often take on flights.

Personally identifiable documents were also included, such as passport scans, drivers' licenses, employment documents, and more. These could have been lost and uploaded by airport staff or used to file claims and identify ownership of lost documents.

Response and Recommendations

After a disclosure notice was sent, the databases were restricted within hours. However, it's unclear whether the databases were owned and managed directly by Lost & Found or if a third-party contractor had control. It's also unclear how long the dataset was exposed or if threat actors accessed the information.

Customers affected by the breach are at risk of identity theft, as criminals could use the scans to apply for loans, credit cards, or bank accounts. To protect against this, anyone concerned they may be affected should closely monitor their accounts, transactions, and statements, and immediately report any suspicious activity to their bank.

Additionally, individuals should be vigilant against social engineering attacks by carefully inspecting any unexpected communications from unknown sources, especially those prompting action.