- Former developer at software company deletes his code to protest its ties to ICE Saturday 4:21 PM
- A mysterious website is doxing Hong Kong protesters and journalists Saturday 1:44 PM
- The best ‘Skyrim’ followers and how to get them Saturday 1:26 PM
- Why Joel Osteen gets cyberbullied every time Houston floods Saturday 12:40 PM
- How to stream Jets vs. Patriots in Week 3 Saturday 12:39 PM
- 10 indie dating simulator games you should be playing Saturday 12:31 PM
- How to stream Packers vs. Broncos in Week 3 Saturday 12:14 PM
- Saudi crown prince’s former adviser suspended from Twitter Saturday 11:57 AM
- How to stream Cowboys vs. Dolphins in Week 3 Saturday 11:57 AM
- YouTuber to pay restitution after a teen fan died copying her video Saturday 10:36 AM
- Antonio Brown sent ‘intimidating’ texts to an accuser, including a pic of her children Saturday 9:38 AM
- Facebook suspended tens of thousands of apps after Cambridge Analytica scandal Saturday 8:24 AM
- How to stream Browns vs. Rams on Sunday Night Football Saturday 6:00 AM
- How to watch ‘NFL Primetime’ on ESPN+ Saturday 5:00 AM
- How to stream Liverpool vs. Chelsea Friday 6:45 PM
FedEx publicly exposed the identity and security documents of thousands of customers after leaving them on an un-password protected, unsecured server.
Researchers with Kromtech Security made the discovery, which after being reported to FedEx, the company quickly fixed on Tuesday. Kromtech Security found more than 119,000 scanned documents belonging to U.S. and international citizens, including driver’s licenses, passports, and security IDs, along with address information from accompanying scanned mailing forms.
The unsecured Amazon S3 storage server formerly belonged to startup Bongo International, which helped North American merchants with international purchases and deliveries. FedEx acquired Bongo in 2014 and rebranded it as FedEx Cross Border in 2016. It’s likely that, in the midst of Bongo’s acquisition and transition into a FedEx property, the legacy server was forgotten about; the information, according to Kromtech Security, has been available online for many years now.
“After a preliminary investigation, we can confirm that some archived Bongo International account information located on a server hosted by a third-party, public cloud provider is secure,” FedEx spokesperson Jim McCluskey told ZDNet. “The data was part of a service that was discontinued after our acquisition of Bongo. We have found no indication that any information has been misappropriated and will continue our investigation.”
The documents found on the unsecured server date from 2008 to 2015, according to ZDNet, which worked with Kromtech on reporting this issue. While many are now expired, the information could still have opened up these individuals to identity theft.
“This case highlights just how important it is extremely important to audit the digital assets when a company acquires another and to ensure that customer data is secured and properly stored before, during, and after the sale,” security researcher Bob Diachenko wrote.
Mistakes and oversights do happen, but at least FedEx reacted swiftly correct this error, and no harm seems to have come to those whose data was exposed.
Christina Bonnington is a tech reporter who specializes in consumer gadgets, apps, and the trends shaping the technology industry. Her work has also appeared in Gizmodo, Wired, Refinery29, Slate, Bicycling, and Outside Magazine. She is based in the San Francisco Bay Area and has a background in electrical engineering.