Thousands Of FedEx Customers Had Their Data Exposed On A Wide Open Server

You have to wonder when companies will learn that securing customer data isn’t optional. I say that because Kromtech Security Center, which is the parent company of MacKeeper Security, has found that thousands of FedEx customers have had their private information exposed after one of the courier’s Amazon S3 servers was left open without a password. FedEx got the server as part of buying a company called Bongo International a few years ago. Now here’s the really bad part: after Kromtech reached out to FedEx to tell them about the security screw-up, the server was then yanked from public view. That implies that they had no clue that this server was sitting out there wide open for anyone to find.

So, what data are we talking about here? Nothing significant really. Just passport information, driver’s licenses and other high profile security info that would allow any miscreant to steal your identity. And the data comes from customers around the world.

Ouch.

Bob Diachenko, head of communications, Kromtech Security Center had this to say:

“Technically, anybody who used Bongo International services back in 2009-2012 is at risk of having his/her documents scanned and available online for so many years. Seems like the bucket has been available for public access for many years in a row. Applications are dated within the 2009-2012 range, and it is unknown whether FedEx was aware of that “heritage” when it bought Bongo International back in 2014.”

For its part, FedEx had this to say:

“After a preliminary investigation, we can confirm that some archived Bongo International account information located on a server hosted by a third-party, public cloud provider is secure. The data was part of a service that was discontinued after our acquisition of Bongo. We have found no indication that any information has been misappropriated and will continue our investigation.”

Seeing as this S3 server was available for who knows how long, nobody knows if data was swiped. If I were FedEx, I’d assume that data was swiped by the forces of evil and then start reaching out to those who had info on this server and give them the heads up. Because these days you can’t be too careful.
