Fuel industry software hit by data leak, IDs and Drivers Licenses exposed

Sensitive customer data left exposed

When you purchase through links on our site, we may earn an affiliate commission.Here’s how it works.

Hundreds of thousands of personal documents were left sitting in an unprotected database available to anyone who knew where to look, cybersecurity researcher Jeremiah Fowler has claimed.

Talking toWebsitePlanet, Fowler outlined how he discovered the database belongs to FleetPanda, a cloud-based fleet management and dispatch software designed to streamline fuel distribution operations.

The platform offers real-time tracking, automated order management, and seamless integration with various back-office systems.

FleetPanda reacts

The company kept a non-password-protected database containing 780,191 documents, with a total size of 193 GB. It held various .PDF, .JPG, and other files, which contained information on fuel and petroleum shipments to and from different companies, industries, and even pipelines. Other files included invoices, delivery tickets, but also driver applications, high-resolution images of driver’s licenses, and background checks that contained personally identifiable information (PII).

The files were generated between 2019 and August 2024, and were listed as cache files. The invoices also contained billing and delivery information such as bill to, delivered to, delivered by, ticket, PO or order numbers, truck numbers, and other internal identifiers or tracking data.

Fowler said that he disclosed his findings to FleetPanda, which locked the database a few days later - without a word. Therefore, we don’t know how long the database was kept unlocked, if a third party was maintaining it, and if anyone accessed the contents before Fowler did.

We reached out to the company with these questions and will update the article accordingly.

Are you a pro? Subscribe to our newsletter

Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!

With most companies being “data companies” these days, and with the omnipresence ofcloud computing, the majority of firms are holding their data incloud storage. Therefore, unprotected databases remain one of the most common causes of data leaks.

More from TechRadar Pro

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

A new form of macOS malware is being used by devious North Korean hackers

Scammers are using fake copyright infringement claims to hack businesses

Google puts Nvidia on high alert as it showcases Trillium, its rival AI chip, while promising to bring H200 Tensor Core GPUs within days