Thousands of FedEx customer records exposed by unsecured server

The server stored more than 119,000 scanned documents from the US and international citizens

Reuters February 16, 2018
A FedEx Office logo is pictured in Times Square in the Manhattan borough of New York, NY, US, April 2, 2017. PHOTO: REUTERS

Global package delivery company FedEx said on Thursday it has secured some of the customer identification records that were visible earlier this month on an unsecured server, and so far has found no evidence that private data was “misappropriated.”

The server stored more than 119,000 scanned documents from the US and international citizens, such as passports, driving licenses, and security identification, according to a report from security research firm Kromtech.

Amazon boosts monthly fee for Prime by $2

Kromtech said its researchers found the unsecured server on February 5 and it was closed to public access on Wednesday.

The data was stored on an Amazon S3 storage server and collected by a company FedEx acquired in 2014, Bongo International, which calculated international shipping prices and provided other services. FedEx later discontinued the service.

“After a preliminary investigation, we can confirm that some archived Bongo International account information located on a server hosted by a third-party, public cloud provider is secure,” FedEx spokesman Jim McCluskey said in a statement.

“We have found no indication that any information has been misappropriated and will continue our investigation,” McCluskey said.

McCluskey declined to elaborate on what portion of the records were secure, or whether FedEx had notified authorities. The incident affected a tiny portion of FedEx customers globally.

Amazon cutting hundreds of Seattle jobs in its consumer business

The exposure appears far less disruptive than a cyber attack last year on Fedex’s Dutch TNT Express unit, which slashed $300 million from its quarterly profit.

The Memphis, Tennessee-based company joined a string of companies that reported big drops in earnings because of the NotPetya virus, which hit on June 29, crippling Ukraine businesses before spreading worldwide to shut down shipping ports, factories, and corporate offices.


Replying to X

Comments are moderated and generally will be posted if they are on-topic and not abusive.

For more information, please see our Comments FAQ