Kromtech Security Center, online security to the company, claims that FedEx might have disclosed accidentally leaked passport, driver license, and personal documents of over 100,000 clients after choosing to host data on an unsecured third-party cloud server. The company believes that the unsecured server belonged to Bongo International LLC, bought by FedEx in 2014.
FedEx Chose to Host Sensitive Documents on Unsecured Amazon S3 Server
According to a Kromtech Security Center spokesperson, US-based company might have compromised personal data of thousands of clients when it decided to use a server belonging to a company previously bought by the shipping giant.
Research reveals that the unsecured Amazon S3 Server contained various scanned documents including driver licenses and passports belonging to approximately 110,000 clients from Mexico, Australia, Canada, United States, China, Japan, Saudi Arabia, and several countries across Europe.
The investigation revealed that the unsecured server was owned by Bongo International LLC, a company bought in 2014 by FedEx and whose name was changed to FedEx Cross-Border International one year later.
Following the allegations forwarded by Kromtech, the company’s representatives commented that a thorough investigation had been conducted and the results suggest that no data has been compromised. Furthermore, the FedEx representatives have stated that the cloud server listed as ‘unsecured’ is publicly inaccessible.
However, despite the company’s assurances, Kromtech declared that the Amazon S3 Server previously owned by Bongo International LLC could have been accessed by anyone. The documents in questions were believed to have been scanned and stored on the server between 2009 and 2012.
Although no one has filed a grievance against the company’s data protection policies, Kromtech warns that the data might have been floating around the Internet since 2009 and possibly being auctioned on dark web websites.
Image source: Wikipedia