Data leak puts 10% of Texas truckers in danger
A massive data leak from a driver compliance platform has exposed personal documents belonging to over ten thousand Texas truckers, including drug tests and other sensitive information.
The Cybernews research team received an anonymous tip about an unsecured Amazon S3 bucket exposing a massive trove of personally identifiable information (PII).
The leaky cloud storage contained over 18,000 photos of Social Security cards and 23,000 driver’s license images, along with other sensitive documents.
The leaking instance was traced to Texas-based AJT Compliance, LLC, a company that helps businesses meet government regulations. The data potentially originated from the company’s “DOT SHIELD” platform dedicated to managing the process of compliance with US Department of Transportation requirements.
The exposed AWS bucket contained data spanning from 2022 to the present, with new sensitive documents actively being uploaded during the investigation.
The affected individuals appeared to be predominantly from Texas or were employed by logistics companies registered in Texas.
Texas leads the US in logistics, employing more heavy and tractor-trailer drivers than any other state. As of 2023, the state had more than 212,000 heavy and tractor-trailer operators, along with the third-highest number of light truck drivers – 72,720, according to the Bureau of Labor Statistics.
The uncovered leak could potentially affect 10% of the state's truck drivers.
What data was leaked?
- Over 18,000 social security cards
- Over 23,000 driver’s licenses
- Liability Insurance cards
- Drug tests
- Employment contracts
- Background check consent forms,
- Vehicle insurance cards
- Employee consent forms
- Vehicle inspection results
“The leak is especially alarming because a platform designed to ensure compliance with government regulations ended up exposing highly sensitive personal information tied to US Department of Transportation requirements,” said the Cybernews research team.
According to our researchers, leaking such data is extremely dangerous, as attackers could exploit it for fraud and identity theft.
“With these details in the wrong hands, malicious actors could open credit accounts, collect Social Security benefits belonging to the affected individuals, or engage in doxxing,” our researchers continued.
Cybernews contacted AJT Compliance, which confirmed that Amazon S3 storage containers used for its testing system had been inadvertently configured with public read and list permissions.
After the responsible disclosure, the data has been secured.
Third-party service providers leaking data
This is far from the first time that US citizens' data has been leaked online. Last year, Cybernews research showed that Protection Plus Solutions, a background check service provider, leaked thousands of PDF files containing Social Security numbers, passport details, and criminal records originating from Massachusetts.
In 2023, the National Safety Council, responsible for work safety training, leaked nearly 10,000 emails and passwords of its members, exposing 2000 companies, including governmental organizations like NASA and the DoJ, and companies like Verizon, Tesla, and Pfizer.
Disclosure timeline
Leak discovered: July 31st, 2025
Initial disclosure: August 1st, 2025
Leak closed: September 3rd, 2025
Unlock more exclusive Cybernews content on YouTube.
