Strauss Borrelli PLLC, a leading data breach law firm, is investigating TheBurritoLabs, Inc., which does business as FleetPanda, regarding its recent cybersecurity incident. The FleetPanda cybersecurity incident may impact the privacy of sensitive personal information belonging to an undetermined number of individuals.
ABOUT THEBURRITOLABS, INC. D/B/A FLEETPANDA:
FleetPanda is a software development company based in California. Founded in 2017, FleetPanda specializes in petroleum logistics and dispatch software, modernizing old, manual, and spreadsheet methods with an easy-to-use dispatch tool.2 Created for fuel distributors such as Moffitt Services, 3L Energy Solutions, Pacific States Petroleum, and McNeece Brothers, FeetPanda’s software handles all order types smoothly, offers a live dashboard for tracking operations, a Uber-like driver app, automatic price and contract handling, along with tight integrations to companies’ current tech tools, bringing all essential business operations data into one digital platform.2 Headquartered in San Mateo, California, FleetPanda employs over 50 individuals.
WHAT HAPPENED?
Recently, it was reported by an online source that FleetPanda had experienced a cybersecurity incident impacting the privacy of its data. According to this source, a cybersecurity researcher discovered a non-password-protected database that contained thousands of records belonging to FleetPanda.1 The exposed database contained 780,191 documents with a total size of 193 GB.1 The documents indicated shipments of fuel and petroleum to and from numerous companies, industries, and even pipelines, and included invoices, delivery tickets, and other business-related records.1 The folders contained files dating from 2019 to present (August 2024) and were listed as cache files, as well as files relating to drivers, licenses, store, synctruck, vehicles, and workers.1 Invoices contained billing and delivery information such as bill to, delivered to, delivered by, ticket, PO or order numbers, truck numbers, and other internal identifiers or tracking data.1 Additionally, the database contained potentially sensitive information such as high resolution images of driver’s licenses and employment applications displaying Social Security numbers and other sensitive personal identifiable information.1
According to the source, after discovering the database the researcher notified FleetPanda of the exposure. FleetPanda did not issue a reply but several days later public access to the documents was restricted.1 At this time, it is not known how long these documents were exposed to the public or if anyone else may have accessed the database.1 As of September 18, 2024, FleetPanda has not publicly acknowledged the data exposure or confirmed whether the incident resulted in a data breach.
If you received a breach notification letter from TheBurritoLabs, Inc. d/b/a FleetPanda:
We would like to speak with you about your rights and potential legal remedies in response to this data breach. Please fill out the form, below, or contact us at 872.263.1100 or sam@straussborrelli.com.
