Fed-Ex admits to storing sensitive data on unsecured server

Avatar By Susan Konig | 3 years ago

To be sure, there have been numerous stories of security and data breaches lately. Uber tried to cover up their story but eventually had to answer to Congress. Equifax’s initial response to its massive data exposure  created a security issue of its own. Federal employees were found stealing data from the department of Homeland Security. And now, FedEx has been affected.  The carrier’s customer records — including passports, driver’s licenses and other security IDs — have been exposed, according to security researchers at Kromtech, the company that owns MacKeeper software security systems.

FedEx purchased Bongo International Shipping in 2014, rebranded it as FedEx Crossborder, and then shut it down in 2017.. The exposed data was reportedly stored on an unsecured Amazon S3 virtual server that belonged to Bongo, and contained records from a period of 2009 – 20012, according to Kromtech.  While, upon discovery, the exposed server was removed from public access, the records have still been available for a significant period of time.

In a statement to the press, FedEx said,”we can confirm that some archived Bongo International account information located on a server hosted by a third-party, public cloud provider is secure. The data was part of a service that was discontinued after our acquisition of Bongo. We have found no indication that any information has been misappropriated and will continue our investigation.”