Shuttle Pass is a service provider specializing in taxi and hotel bookings, helping customers with seamless travel arrangements. The company manages sensitive information, including personal and payment data, to facilitate these bookings.

2. Breach Details

  • Date of Breach: November 2023
  • Disclosed on: November 20, 2023
  • Affected Records: 67,000 users' data
  • Disclosed by: A user known as "IntelBroker" on BreachForums, a notorious forum for sharing and selling stolen data.
  • Leaked Data Includes:
    • Full names (first and last names)
    • Email addresses
    • Phone numbers
    • Flight and room numbers
    • Car rental details (small and big car count)
    • Hotel ticket information
    • Payment and transaction details
    • Booking dates (start and end dates)
    • Metadata such as creation and update timestamps

3. Threat Actor Profile

  • Alias: IntelBroker
  • Role: BreachForums Administrator
  • Activities: IntelBroker is known for distributing stolen databases and has a high reputation within the cybercriminal community.

4. Impact Analysis

  • Customer Impact: The breach exposes personally identifiable information (PII) and sensitive booking details, which could lead to identity theft, financial fraud, and targeted phishing attacks.
  • Business Impact: Potential loss of customer trust, legal repercussions, and a hit to Shuttle Pass’s reputation.
  • Wider Implications: This breach may compromise the security of travelers, especially if sensitive information like hotel room numbers and travel itineraries fall into malicious hands.
Share this article
The link has been copied!