Nearly 1 Million Records Exposed in Airport Lost and Found Data Breach
A recent security breach exposed nearly 1 million records from a German lost and found software provider, putting traveler data at risk across airports in North America and Europe. The vulnerability was identified by a cybersecurity researcher, who reported it to Website Planet, prompting swift corrective action.
Discovery of Unsecured Databases
The researcher found an unprotected database containing 820,750 records belonging to Lost and Found Software, a company that helps airports track and return lost property. Further investigation revealed 14 databases, 10 of which were publicly accessible, totaling 122GB of exposed data.
The compromised records included images and documents related to lost items, such as medical devices, electronics, wallets, and luggage. More concerningly, the breach also exposed high-resolution images of passports, driver’s licenses, and employment documents, increasing the risk of identity theft and fraud.
Security Risks and Industry Accountability
The exposure of sensitive personal information—names, addresses, phone numbers, and payment details—creates a significant security threat. Cybercriminals could use this data for identity fraud, counterfeiting documents, or scamming travelers who have lost high-value possessions.
Additionally, the use of predictable database naming conventions increases cybersecurity risks, making it easier for bad actors to identify and exploit vulnerable systems. This incident highlights the pressing need for industries that collect and store ID data—such as airlines, financial institutions, and government agencies—to strengthen their online security practices.
Company Response and Remedial Actions
Lost and Found Software responded swiftly after receiving the disclosure report, restricting public access to the databases within hours. The company cited misconfigured Amazon S3 bucket policies as the cause of the exposure and stated that only specific storage buckets were affected, rather than the entire internal database.
A day later, the company acknowledged the issue, stating: “We appreciate your security research and have already taken steps to restrict public access to the data. We are now working on removing access to the specific files that were previously available.” However, it remains unclear how long the database was exposed or whether any unauthorized individuals accessed the data.
Preventing Future Data Breaches
This incident serves as a stark reminder of the importance of strong cybersecurity measures for companies handling sensitive identification data. Industries that collect and store ID documents must take proactive steps to prevent similar breaches, including:
- Implementing robust authentication controls to restrict access to sensitive files.
- Establishing data retention policies to minimize long-term exposure of personal information.
- Conducting frequent security audits and penetration tests to identify vulnerabilities before they can be exploited.
- Encrypting highly sensitive records, such as identification documents, to protect against unauthorized access.
The breach highlights the ongoing cybersecurity challenges that businesses face when handling personal data. While Lost and Found Software acted quickly to resolve the issue, the incident underscores the need for all industries dealing with ID data to implement stricter security controls to prevent unauthorized access.
The cybersecurity researcher behind the discovery emphasized that no data was downloaded or misused, and only limited screenshots were taken for verification. His findings aim to encourage stronger security measures and raise awareness about the risks associated with poor data protection practices.