FedEx acquired a company called Bongo International in 2014; Bongo specialized in helping North American companies sell overseas, and after the acquisition, FedEx renamed the company FedEx Cross-Border International.
Bongo and/or FedEx stored 119,000 of its customers' scanned pieces of ID on an Amazon Web Services bucket that had no password or encryption; these included passport scans, driver's licenses and other docs, each accompanied by customs forms stating the customer's full name, home addresses and phone numbers.
FedEx shut down the division last April, but even then it did not audit its data-handling practices and shut down the archive, or at least add a password to it (it's down now).
FedEx says this is OK because if someone stole this data, they did so without leaving a trail that FedEx can find. Kromtech, who made the discovery, says they think the data may have been available since 2009.
Thursday's post said Kromtech researchers made "attempts to get in touch with FedEx via FedEx Cross-Border Merchant Customer Support line and emails." The researchers said they didn't succeed until Tuesday, when ZDNet reporter Zack Whittaker began contacting FedEx officials. The unsecured Amazon bucket was taken down on Wednesday.
In a statement, FedEx officials wrote: "After a preliminary investigation, we can confirm that some archived Bongo International account information located on a server hosted by a third-party, public cloud provider is secure. The data was part of a service that was discontinued after our acquisition of Bongo. We have found no indication that any information has been misappropriated and will continue our investigation."
FedEx Customer Records Exposed [Bob Diachenko/Kromtech]
Mountain of sensitive FedEx customer data exposed, possibly for years [Dan Goodin/Ars Technica]