FedEx bought a company that stored 119,000 pieces of scanned customer IDs in a public Amazon cloud server, shut the company down, left the scans online for anyone to download
On February 16, 2018 by Maybell
FedEx acquired a company called Bongo International in 2014. Bongo specialized in helping North American companies sell overseas; after the acquisition, FedEx renamed the company FedEx Cross-Border International.
Bongo and/or FedEx stored 119,000 scanned pieces of its customers' ID in an Amazon Web Services bucket that had no password or encryption; these included passport scans, driver's licenses and other documents, each accompanied by customs forms stating the customer’s full name, home address and phone number.
FedEx shut down the division last April, but even then it did not audit its data-handling practices and shut down the archive, or at least add a password to it (it’s down now).
FedEx says this is OK because if someone stole this data, they did so without leaving a trail that FedEx can find. Kromtech, who made the discovery, says they think the data may have been available since 2009.
Thursday’s post said Kromtech researchers made “attempts to get in touch with FedEx via FedEx Cross-Border Merchant Customer Support line and emails.” The researchers said they didn’t succeed until Tuesday, when ZDNet reporter Zack Whittaker began contacting FedEx officials. The unsecured Amazon bucket was taken down on Wednesday.
In a statement, FedEx officials wrote: “After a preliminary investigation, we can confirm that some archived Bongo International account information located on a server hosted by a third-party, public cloud provider is secure. The data was part of a service that was discontinued after our acquisition of Bongo. We have found no indication that any information has been misappropriated and will continue our investigation.”
FedEx Customer Records Exposed [Bob Diachenko/Kromtech]
Mountain of sensitive FedEx customer data exposed, possibly for years [Dan Goodin/Ars Technica]