In an alarming turn of events, the word “data breach” has become part of our everyday vocabulary. Industry experts believe that around 1,500 big-scale data breaches happen every year. While some companies inform their clients, others do not. Data breaches occur when cybercriminals hack into company databases to steal information. A transportation industry data breach almost occurred in January 2022.
Security researcher Jeremiah Fowler and the research team at Website Planet stumbled upon a data scientist’s worst nightmare. The team found a database of 822,789 records that were not password protected. It contained detailed information on trucking, transport companies, and individual drivers. Meticulously maintained records on credit accounts, loans, repayment, and debt collections were also stored in plain text. This list included bank details and tax IDs. A large number of the tax IDs appeared consistent with social security numbers (SSN) and employee identification numbers (EIN).
The detailed notes and history of collections, payments, and application statuses were worrying. The level of access and amount of information up for grabs made it ripe for a ransomware attack or a social engineering attack. Further research revealed internal emails, and usernames belonging to a Florida-based company called Trans Credit. The team notified the concerned authorities, and public access was restricted. Any form of data in the wrong hands can lead to identity theft or worse.
TransCredit Scores and Uses
TransCredit gives a score to users in trucking, transport companies, and individual drivers. Similar to a traditional credit score, this score assigns a number to shippers and brokers. The number ranging from 0 to 99 is a one-shot risk assessment score. The records accessed by Jeremiah’s team contained details about late payments, bankruptcy, and non-payments. It exposed the financial health of numerous companies and individuals.
Risks and Exposure
Log in IDs, usernames, passwords, and account numbers were also discovered during the investigation. The files contained a data map that showed the location of records and how to access it from the back-end. Access to such a vast range of information enables criminals to cherry-pick targets. They can impersonate government officials with the help of tax information and demand payment or request additional information.
Due Diligence and the Way Forward
There has been a consistent rise in cybersecurity attacks since the start of the Covid-19 pandemic. Cybercrime accounts for losses in trillions of dollars every year. Human errors that can be avoided led to a majority of these attacks. Experts warn of more coordinated and targeted attacks in the coming year. They expect the numbers to climb higher and urge users to be more responsible while sharing data with others.
Last year in December, Jeremiah and his team called attention to non-password protected data of healthcare workers who seemed to be associated with Gale Healthcare Solutions.
It is important to secure one’s digital identity in a day and age where our future hinges on keeping our personal information secure. In case you are notified of a data breach, it is recommended that you change your passwords right away and visit the company website. You can also reach out to the company and ask for information. Be vigilant of emails that seem to ask for verification from the company that has been impacted. If it seems dubious, reach out to the affected firm directly.
Additionally, monitor your accounts and keep track of all the charges. Scammers tend to test the waters with smaller crimes before pulling off bigger ones. The stolen data often finds its way to the dark web where hackers and other criminals use it for profit.