June 4, 2023

An Amazon S3 bucket owned by logistics giant D.W. Morgan that was left unsecured online that contained more than 100 GB of sensitive data relating to shipments and the company’s clients, including some Fortune 500 companies such as Cisco and Ericsson.

Exposed data included:

  • Signatures
  • Full names 
  • Attachments
  • Phone numbers
  • Goods ordered 
  • Cargo damages
  • Process photos
  • Process details
  • Billing addresses
  • Dates of invoices
  • Shipping barcodes
  • Unknown documents
  • Delivery addresses
  • Facility locations
  • Prices paid for goods
  • Photos of shipments
  • Photos of package labels
  • Images of on-site documents
  • Transportation plans & agreements.

The details of it were only shared by experts last week, though the database exposure was discovered last month

We don’t know whether bad actors acquired the bucket’s content. If malicious actors have accessed the bucket, D.W. Morgan and its clients could be targeted with criminal activities. D.W. Morgan could also face legal sanctions from several jurisdictions. – Statement

Clients of the company could be targeted by malicious activities, such as phishing campaigns and scams, due to the exposure of their data.On November 12th, 2021, D.W Morgan was notified the company. On November 16th, 2021, D.W. Morgan secured the S3 bucket.

Leave a Reply

%d bloggers like this: