Logistics giant exposes customer data, Lolz at researchers when alerted

Bergen Logistics, a New Jersey-based company exposed its database back in December 2020 – It has been five months that the database is still exposed and available for public access without any security authentication.

Recently, the Website Planet team uncovered an exposed database belonging to Bergen Logistics that stored 467,979 records all relevant to their shipments and customers. This means that any clients that conducted business with Bergen or anyone who received a package from Bergen within the USA, could possibly be affected by this data leak.

Bergen Logistics is a market-leading order fulfillment provider, meaning it stores, picks, packs and delivers clients’ products to their retail outlets. Bergen also provides logistics solutions directly to customers of online marketplaces and e-commerce stores.

Bergen works to bring fulfillment solutions to a range of industries, from fashion to home products, electronics, and medical devices. Bergen primarily operates within the fashion sector, delivering footwear, handbags, accessories, cosmetics, and fragrances on behalf of brands and stores worldwide.

What data has been exposed?

According to researchers, the company data was exposed on an Elasticsearch server and consisted of two sectors. Shipment details, included addresses, phone numbers, names, surnames, and emails of customers while the login credentials in plaintext included emails and passwords of customer accounts.

Both of these directly and adversely affect the customers but this data breach as a whole has a largely worrisome effect on the company as well. 

Impact on clients and the company

The clients could be affected through various criminal acts if hackers with malicious intentions found this unprotected database. These include identity theft, fraud, scams, phishing, malware, theft, and account takeover.

The company, on the other hand, will be affected due to its failure to adhere to data privacy laws such as section 5 of the FTC Act which requires any company to provide adequate security of personal information when conducting business within the USA.

Bergen Logistics could be punished through an arrest or fine of up to $100 million if it is found guilty of the charges. Moreover, they could possibly face a loss of business due to their existing customers losing trust in Bergen and their new customers being driven away. 

According to Website Planet’s blog post, the data leak was first identified on 28th December 2020 and Bergen Logistics was informed on the 30th and then again on 15th January 2021 because they did not respond.

The database was still found to be unsecured. 

“Lol” from Bergen Logistics

Considering the fact that the database is still exposed; Hackread.com contacted Bergen Logistics through Facebook and informed them about the data leak. However, in response, the company’s representative simply laughed out loud (lol) for some reason. 

At the time of publishing this article; WebsitePlanet’s researchers have confirmed that the database was still exposed and accessible to the public without any security authentication.

Did you enjoy reading this article? Do like our page on Facebook and follow us on Twitter.