Discovery Of Florida-Based TransCredit’s Dataset With Trucking, Transport Company & Individual Driver Information Apparently Tied To Credit Accounts, Loans, Repayment And Debt Collection
WebsitePlanet.com has reported that “[s]ecurity researcher Jeremiah Fowler together with the Website Planet research team discovered a non-password protected database that contained 822,789 records.”
According to WebsitePlanet.com, “The dataset had detailed information on trucking, transport companies, and individual drivers. The data appeared to be connected to credit accounts, loans, repayment, and debt collections. This included banking information and tax ID numbers. Many of the Tax IDs were consistent with what appeared to be SSN (Social Security Numbers) and stored in plain text.”
WebsitePlanet.com reported that “there were multiple references including internal emails and usernames of a Florida based company called TransCredit“; the investigative team “sent a responsible disclosure notice to TransCredit and public access was restricted shortly after”; and “[t]he records appeared to contain the data of trucking and transportation companies based in the United States and Canada.”
The following information, according to WebsitePlanet.com, was discovered:
- Total Records: 822,789
- Internal records that include customers first and last names, emails, bank information, Tax ID numbers that appear to be SSN and EIN (Employer Identification Number).
- These individuals could be at risk of a targeted social engineering attack using insider information.
- Detailed notes on collections, payment histories, new applicants, status and progress. References to “TransCredit” and “Transcore”
- Internal Passwords and login IDs / Usernames, account numbers. We can only assume that these could be used to access the user portal. (We do not circumvent password protections or attempt to validate user credentials for ethical reasons).
- Indices named:
- The files also show where data is stored and a blueprint of how the network operates from the back end. The database was at risk of a ransomware attack that would encrypt the data.
Additionally, WebsitePlanet.com reported that “[t]his database contained enough information to create a range of highly targeted fraud or scams. Criminals armed with insider knowledge could potentially gain trust very easily and companies or individuals would be less suspicious when presented with verifying a Tax ID or other data.” [All emphasis added.]
Have You Been Impacted by A Data Breach?
If so, please complete the form above on the right or e-mail [email protected] for a free, no-obligation evaluation of potential legal claims.