FedEx locks down unsecured Amazon S3 server that leaked customer data

Data belonging to more than 119,000 citizens was discovered on an unsecured server

FedEx Express 2

Global package delivery business FedEx Corp has locked down identification records and data that were left exposed on an unsecured server.

It came after the security firm Kromtech said its researchers found the unsecured server on 5 February before it was closed to public access on Wednesday.

The server had contained data belonging to more than 119,000 citizens from around the world, including passports, driving licenses and security identification.

Advertisement - Article continues below

A FedEx spokesperson told IT Pro: "After a preliminary investigation, we can confirm that some archived Bongo International account information located on a server hosted by a third-party, public cloud provider is secure. The data was part of a service that was discontinued after our acquisition of Bongo.

"We have found no indication that any information has been misappropriated and will continue our investigation."

The data had been stored on an Amazon S3 storage server hosted by a third-party public cloud provider and collected by a company called Bongo International, which calculated international shipping prices and was acquired by FedEx in 2014.

This will simply spark further questions as to the cyber security of FedEx after it follows a cyber attack last year on FedEx's Dutch TNT Express Unit, which saw the company lose around 215m from its quarterly profit.

It will also raise questions of cloud security after private data was leaked from some high-profile companies over the past year.

Advertisement
Advertisement - Article continues below
Advertisement - Article continues below

The NSA, for example, was hit and lost over 100GB of highly sensitive data, which was also stored on an unprotected Amazon S3 storage.

Data breaches on the cloud-based S3 buckets are not uncommon, after two million Dow Jones customers had their data leaked, while Accenture and WWE were also hit by serious data breaches.

IT Pro has contacted FedEx for a comment on the data leak, but the company has yet to respond.

Featured Resources

Navigating the new normal: A fast guide to remote working

A smooth transition will support operations for years to come

Download now

Putting a spotlight on cyber security

An examination of the current cyber security landscape

Download now

The economics of infrastructure scalability

Find the most cost-effective and least risky way to scale

Download now

IT operations overload hinders digital transformation

Clearing the path towards a modernised system of agreement

Download now
Advertisement

Recommended

Visit/security/ransomware/356292/university-of-california-gets-fleeced-by-hackers-for-114-million
ransomware

University of California gets fleeced by hackers for $1.14 million

30 Jun 2020
Visit/security/cyber-security/356289/australia-announces-135b-investment-in-cybersecurity
cyber security

Australia announces $1.35 billion investment in cyber security

30 Jun 2020
Visit/cloud/cloud-security/356288/csa-and-issa-form-cybersecurity-partnership
cloud security

CSA and ISSA form cyber security partnership

30 Jun 2020
Visit/business/policy-legislation/356215/senators-propose-a-bill-aimed-at-ending-warrant-proof-encryption
Policy & legislation

Senators propose a bill aimed at ending warrant-proof encryption

24 Jun 2020

Most Popular

Visit/laptops/29190/how-to-find-ram-speed-size-and-type
Laptops

How to find RAM speed, size and type

24 Jun 2020
Visit/policy-legislation/data-protection/356344/eu-institutions-warned-against-purchasing-any-further
data protection

EU institutions told to avoid Microsoft software after licence spat

3 Jul 2020
Visit/mobile/mobile-phones/356335/the-man-has-ruined-my-huawei-p40
Mobile Phones

The Man has ruined my Huawei P40

3 Jul 2020