Data breach affects major logistics firm; millions of records leaked

Website Planet researchers report the discovery of a data breach affecting D.W. Morgan, a U.S.-based multinational logistics firm. According to the report, the leak was caused by an Amazon Web Services (AWS) bucket that was completely exposed online and accessible without any security measures.

The bucket contained more than 100 GB of data in 2.5 million files detailing financial, shipment, transportation, personal and sensitive records of Fortune 500 companies.

The researchers found that the exposed AWS bucket included five folders storing five specific file classifications:

  • Transportation plans and agreements
  • Process photos
  • Attachments
  • Signatures
  • Unidentified documents

Below we will give a brief review of the characteristics of each folder exposed during this incident.

Transportation plans and agreements

This first folder includes data on the company’s transportation plans and agreements; this information includes the agreed course of action for delivery drivers, warehouse and security personnel. Among the exposed records are:

  • Process details
  • Facility locations
  • Full names
  • Customers’ business email addresses

Process photos

This folder stored at least 800,000 images illustrating various parts of the shipping process at the company. These images were probably captured by employees to record shipments and documents.

Attachments

This folder includes all kinds of invoices, shipping labels, and packing lists that are likely to come from the company’s email systems. In total, there were more than 10,000 of these files in this specific folder.

Signatures

Although many details about the signatures found in the bucket are unknown, they are likely related to the multiple delivery processes in the company. The folder stores more than 4.5 million files.

Unidentified documents

This folder holds more than 100,000 files that appear unrelated to each other, though they include personally identifiable information and corporate customer details.

Investigators immediately notified the company, which rushed to revoke insecure access to the compromised information. However, it is unknown how long this information may have been exposed.

As in any other similar incident, affected employees and corporate customers could be exposed to phishing attacks, identity fraud and complex social engineering campaigns, so it is critical that the company implement the necessary prevention mechanisms to address the incident.