Logistics giant exposes customer data, Lolz at researchers when alerted


At the time of publishing this article, the data belonging to Bergen Logistics was available for public access without any security authentication.

Bergen Logistics, a New Jersey-based company, exposed its database back in December 2020 but replied with "lol" when alerted about the incident.

Recently, the IT security researchers at Website Planet uncovered an exposed database belonging to Bergen Logistics that stored 467,979 records, all related to its shipments and customers.

This means that any client that conducted business with Bergen, or anyone who received a package from Bergen within the USA, could be affected by this data leak.

Bergen Logistics is a market-leading order fulfilment provider, meaning it stores, picks, packs and delivers clients’ products to its retail outlets. Bergen also provides logistics solutions directly to customers of online marketplaces and e-commerce stores.

Bergen works to bring fulfilment solutions to a range of industries, from fashion to home products, electronics, and medical devices. Bergen primarily operates within the fashion sector, delivering footwear, handbags, accessories, cosmetics, and fragrances on behalf of brands and stores worldwide.

What data has been exposed?

According to researchers, the company's data was exposed on an Elasticsearch server and falls into two categories, login credentials and shipment details, including:

  • Names
  • City
  • Zip
  • Addresses
  • Surnames
  • Order number
  • Email addresses
  • Plain-text passwords to customers’ accounts

Both categories directly and adversely affect customers, and the data breach as a whole has worrying consequences for the company.

Leaked data (Image: Website Planet)

Impact on clients and the company

The clients could be affected by various criminal acts if hackers with malicious intentions found this unprotected database. These include identity theft, fraud, scams, phishing, malware, and account takeover.

The company, on the other hand, will be affected due to its failure to adhere to data privacy laws such as Section 5 of the FTC Act, which requires any company to provide adequate security of personal information when conducting business within the USA.

Bergen Logistics could be punished through an arrest or fine of up to $100 million if it is found guilty of the charges. Moreover, they could face a loss of business due to their existing customers losing trust in Bergen and their new customers being driven away. 

According to Website Planet’s blog post, the data leak was first identified on 28th December 2020. Bergen Logistics was informed on the 30th and then again on the 15th of January 2021 because they did not respond.

“Lol” from Bergen Logistics

Hackread.com contacted Bergen Logistics through Facebook and informed them about the data leak. However, in response, the company’s representative simply laughed out loud (lol) for some reason. 
