Fast Logistics Data Breach Exposes Employee Records and Internal Files
A data breach has been reported involving Fast Logistics Group, after a threat actor claimed to have accessed and extracted large volumes of sensitive company data over several weeks. Operating under the alias Ch4nc3ll0rx 1337, the attacker detailed how weak system protections allowed access to internal files, databases, and cloud storage.
Fast Logistics Group is a Philippine-based company that provides delivery, warehousing, and supply chain services to businesses nationwide. It handles large volumes of shipments and operational data daily, making it a critical player in logistics and distribution.
According to the threat actor, the breach was made possible by a simple but serious flaw in how the company handled its data. Files stored on Amazon Web Services (AWS) were directly linked to transactions without proper protection. This meant that anyone who had or guessed the link could access the files. Transaction IDs were also reportedly arranged in a predictable sequence, making it easier to browse through records. In addition, transactions were not encrypted, increasing the risk of exposure.
The attacker claims that Fast Logistics had over 10 million documents stored in its cloud system, many of which could have been accessed. Due to storage limits, only part of the data was extracted, around 50GB in total. This includes 12.7GB of Excel files, with 6,357 spreadsheets and 54,878 document files.
One of the most serious concerns is the exposure of employee data. The threat actor claims to have accessed over 380,000 lines of employee records, including detailed personal and work-related information. There were also around 50,000 images linked to transactions, which may include internal documentation or operational records.
The breach also affected internal reporting systems. The attacker noted that the company’s analytics platform was left open, allowing access to client data and internal reports. While some data may not be highly sensitive, it was still visible and accessible without proper restrictions.
Further details reveal that multiple internal database tables were accessed, many of which contain highly sensitive and operational data:
1. Employee and HR Systems
Tables such as personnel_employeeprofile, personnel_employment, personnel_employeecertification, and personnel_employeeextrainfo likely contain personally identifiable information (PII). This may include full names, addresses, contact details, employment history, certifications, and possibly government-issued identifiers.
2. Access Control and Privilege Data
The personnel_employee_area_privilege and personnel_employee_flow_role tables suggest records of user permissions and internal access levels. Exposure of this data can allow attackers to understand how systems are structured and potentially escalate access within the organization.
3. Authentication and API Logs
The staff_stafftoken and rest_framework_tracking_apirequestlog tables are particularly sensitive. These may contain authentication tokens, session data, and API request logs, which could be used to hijack sessions or replicate legitimate system activity.
4. Visitor and Transaction Records
Tables such as visitor_visitor, visitor_visitorbiodata, visitor_visitorbiophoto, and visitor_visitortransaction indicate the collection of visitor identities, photos, and transaction histories. This raises serious privacy concerns, especially if identification documents or images are involved.
5. Workflow and Internal Process Data
Systems like workflow_workflowengine, workflow_workflowinstance, and workflow_workflownode_approver reflect internal approval processes and business workflows. While not always personal, this data is sensitive as it reveals how decisions are made within the company, which can be exploited for fraud or manipulation.
Large datasets tied to internal analytics particularly those under “Bagwis Analytics” were also reportedly extracted. These include attendance records, disciplinary actions, and workforce monitoring data, with some files containing hundreds of thousands of rows. Such datasets can reveal patterns in employee behavior, internal investigations, and operational weaknesses.
The incident points to major gaps in basic security practices, particularly in controlling access to files and protecting sensitive data. These types of weaknesses can allow attackers to move freely within systems and collect large amounts of information without being detected.
As of now, Fast Logistics Group has not issued any official statement regarding the alleged breach. The full impact of the incident, including whether the data has been shared or sold, remains unknown.
