Cybersecurity researcher Jeremiah Fowler uncovered a non-password-protected database containing over 780,000 records belonging to FleetPanda, a tech provider specializing in dispatch management and analytics for the fuel industry.
The database, holding 193 GB of files, included sensitive documents such as driver applications, invoices, licenses, and background checks, all containing personally identifiable information (PII).
The exposed records dated from 2019 to August 2024 and involved fuel shipments across several U.S. states, including high-resolution images of driver’s licenses and employment applications with Social Security numbers.
The breach raises concerns about potential threats like invoice fraud and identity theft. However, it’s unclear how long the data was accessible or whether it was accessed by malicious actors. The database was secured shortly after the discovery, but FleetPanda did not respond to Fowler’s disclosure.
This breach underscores the cybersecurity risks facing the energy sector, especially following high-profile attacks like the Colonial Pipeline ransomware incident. Despite no evidence of misuse in this case, the exposure highlights the importance of robust data security in industries handling critical infrastructure.
