Logistics giant exposes customer data, Lolz at researchers when alerted cvvshop2019ru, cvvstorecc
Recently, the IT security researchers at Website Planet uncovered an exposed database belonging to Bergen Logistics that stored 467,979 records all relevant to their shipments and customers.
This means that any clients that conducted business with Bergen or anyone who received a package from Bergen within the USA, could possibly be affected by this data leak.
Bergen Logistics is a market-leading order fulfillment provider, meaning it stores, picks, packs and delivers clients’ products to their retail outlets. Bergen also provides logistics solutions directly to customers of online marketplaces and e-commerce stores.
Bergen works to bring fulfillment solutions to a range of industries, from fashion to home products, electronics, and medical devices. Bergen primarily operates within the fashion sector, delivering footwear, handbags, accessories, cosmetics, and fragrances on behalf of brands and stores worldwide.
According to researchers, the company’s data has been exposed on an Elasticsearch server and comprises two sectors including login credentials and shipment details such as:
Both of these directly and adversely affect the customers but this data breach as a whole has a largely worrisome effect on the company as well.
The clients could be affected through various criminal acts if hackers with malicious intentions found this unprotected database. These include identity theft, fraud, scams, phishing, malware, theft, and account takeover.
The company, on the other hand, will be affected due to its failure to adhere to data privacy laws such as section 5 of the FTC Act which requires any company to provide adequate security of personal information when conducting business within the USA.
Bergen Logistics could be punished through an arrest or fine of up to $100 million if it is found guilty of the charges. Moreover, they could possibly face a loss of business due to their existing customers losing trust in Bergen and their new customers being driven away.
According to Website Planet’s blog post , the data leak was first identified on 28th December 2020 and Bergen Logistics was informed on the 30th and then again on 15th January 2021 because they did not respond.
Hackread.com contacted Bergen Logistics through Facebook and informed them about the data leak. However, in response, the company’s representative simply laughed out loud (lol) for some reason.