FedEx fixed the issue within hours of security researchers reaching out.
FedEx publicly exposed the identity and security documents of thousands of customers after leaving them on an unsecured server with no password protection.
Researchers with Kromtech Security made the discovery and reported it to FedEx, which quickly fixed the issue on Tuesday. Kromtech Security found more than 119,000 scanned documents belonging to U.S. and international citizens, including driver’s licenses, passports, and security IDs, along with address information from accompanying scanned mailing forms.
The unsecured Amazon S3 storage server formerly belonged to startup Bongo International, which helped North American merchants with international purchases and deliveries. FedEx acquired Bongo in 2014 and rebranded it as FedEx Cross Border in 2016. It’s likely that, in the midst of Bongo’s acquisition and transition into a FedEx property, the legacy server was forgotten about; the information, according to Kromtech Security, has been available online for many years now.
“After a preliminary investigation, we can confirm that some archived Bongo International account information located on a server hosted by a third-party, public cloud provider is secure,” FedEx spokesperson Jim McCluskey told ZDNet. “The data was part of a service that was discontinued after our acquisition of Bongo. We have found no indication that any information has been misappropriated and will continue our investigation.”
The documents found on the unsecured server date from 2008 to 2015, according to ZDNet, which worked with Kromtech on reporting this issue. While many are now expired, the information could still have opened up these individuals to identity theft.
“This case highlights just how extremely important it is to audit the digital assets when a company acquires another and to ensure that customer data is secured and properly stored before, during, and after the sale,” security researcher Bob Diachenko wrote.
Mistakes and oversights do happen, but at least FedEx reacted swiftly to correct this error, and no harm seems to have come to those whose data was exposed.
Christina Bonnington is a tech reporter who specializes in consumer gadgets, apps, and the trends shaping the technology industry. Her work has also appeared in Gizmodo, Wired, Refinery29, Slate, Bicycling, and Outside Magazine. She is based in the San Francisco Bay Area and has a background in electrical engineering.