View all newsletters
Receive our newsletter - data, insights and analysis delivered to you
  1. Technology
  2. Cybersecurity
February 16, 2018

FedEx AWS silo leaks 120,000 sets of customer information

It is important to remember that all data is valuable, cyber criminals will even leverage slightly old data to their advantage.

By Tom Ball

In the region of 120,000 sets of sensitive FedEx customer data including driving licenses and passports have been left exposed due to an unsecured AWS S3 silo.

The discovery was made by Kromtech Security Center, recognising the weaknesses in the storage system stem from its set up conducted by Bongo International. This company was acquired by FedEx in 2014.

Following the acquisition the company was shut down, leaving the still valuable information vulnerable to cyber criminals. The massive amount of data is connected to individuals from acroos the globe.

FedEx AWS silo leaks 120,000 sets of customer information

Bob Diachenko, head of communications for Kromtech Security Center, said: “Citizens from all over the world left their scanned IDs – Mexico, Canada, EU countries, Saudi Arabia, Kuwait, Japan, Malaysia, China, Australia – to name a few.”

AWS S3 silos have previously been at the centre of instances of mass data exposure, one example that stands out is the Verizon data breach of 2017 in which 14 million subscribers were exposed. Phone numbers and account PINS among other details were found on an unprotected S3 silo.

“Technically, anybody who used Bongo International services back in 2009-2012 is at risk of having his/her documents scanned and available online for so many years. Seems like bucket has been available for public access for many years in a row. Applications are dated within 2009-2012 range, and it is unknown whether FedEx was aware of that “heritage” when it bought Bongo International back in 2014,” said Diachenko.

Content from our partners
Scan and deliver
GenAI cybersecurity: "A super-human analyst, with a brain the size of a planet."
Cloud, AI, and cyber security – highlights from DTX Manchester
Cybersecurity fears not matched with risk management strategy
GDPR 100 day countdown: 74% of UK business confident
UK government pins NotPetya ransomware blame on Russia

Customer data is becoming increasingly sought after by cyber criminals, with levels of cyber fraud soaring in recent years. Large scale data breaches and exposures are fuelling the fire, perpetuating further instances of cybercrime.

Speaking to ZDNet, FedEx said: “After a preliminary investigation we can confirm that some archived Bongo International account information located on a server hosted by a third-party, public cloud provider is secure. The data was part of a service that was discontinued after our acquisition of Bongo. We have found no indication that any information has been misappropriated and will continue our investigation.”

Topics in this article : , ,
Websites in our network
Select and enter your corporate email address Tech Monitor's research, insight and analysis examines the frontiers of digital transformation to help tech leaders navigate the future. Our Changelog newsletter delivers our best work to your inbox every week.
  • CIO
  • CTO
  • CISO
  • CSO
  • CFO
  • CDO
  • CEO
  • Architect Founder
  • MD
  • Director
  • Manager
  • Other
Visit our privacy policy for more information about our services, how Progressive Media Investments may use, process and share your personal data, including information on your rights in respect of your personal data and how you can unsubscribe from future marketing communications. Our services are intended for corporate subscribers and you warrant that the email address submitted is your corporate email address.