Data Security, Patch/Configuration Management

Misconfigured FleetPanda server leaks fuel sector data

Share
concept of leaky software, data with a tap sticking out.3d illustration

Major U.S. fuel industry software provider FleetPanda had 780,191 documents exposed due to a significant server misconfiguration, reports Hackread.

Included among the files in the unsecured 193 GB database were information regarding fuel and petroleum shipments, invoices, and delivery tickets to and from companies, pipelines, and industries across several states, including California, Colorado, Oklahoma, Oregon, and Texas between 2019 and August 2024, a report by cybersecurity researcher Jeremy Fowler published on Website Planet showed. Aside from exposing driver's licenses and applications with Social Security numbers and other personally identifiable information, such a database also leaked details on stores, vehicles, synctrucks, and workers, according to Fowler, who was uncertain about who managed the database. Organizations have been urged by Fowler to not only ensure separated storage for sensitive employee data and invoices but also the adoption of robust access controls, regular software updates, network monitoring systems, and cybersecurity training programs for employees.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms of Use and Privacy Policy.