Major U.S. fuel industry software provider FleetPanda had 780,191 documents exposed due to a significant server misconfiguration, reports Hackread.
Included among the files in the unsecured 193 GB database were information regarding fuel and petroleum shipments, invoices, and delivery tickets to and from companies, pipelines, and industries across several states, including California, Colorado, Oklahoma, Oregon, and Texas between 2019 and August 2024, a report by cybersecurity researcher Jeremy Fowler published on Website Planet showed.
Aside from exposing driver's licenses and applications with Social Security numbers and other personally identifiable information, the database also leaked details on stores, vehicles, synctrucks, and workers, according to Fowler, who was uncertain about who managed the database.
Fowler urged organizations to ensure not only separate storage for sensitive employee data and invoices but also the adoption of robust access controls, regular software updates, network monitoring systems and cybersecurity training programs for employees.
