THOUSANDS OF FedEx customers have had their private information exposed after one of the courier’s legacy servers was left open without a password.
Uncovered by Kromtech Security Center, the parent company of MacKeeper Security, the breach exposed data such as passport information, driver’s licenses and other high-profile security IDs, all of which were hosted on a password-less Amazon S3 storage server.
According to the security researchers at Kromtech, the server was later secured after the team made contact with FedEx.
This apparently happened due to FedEx not securing the data stored on the Amazon S3 virtual server, which was originally owned by Bongo, a company which FedEx bought in 2014 and rebranded as FedEx Crossborder (which was actually shut down last year).
As a result, the exposed data wasn’t super recent, and instead included records from 2009 – 2012. However, as many people’s state-issued IDs last for 10 to 20 years, much of the leaked data is probably still very sensitive.
Nevertheless, Kromtech said the server has since been removed from public access entirely.
FedEx said in a statement: “After a preliminary investigation, we can confirm that some archived Bongo International account information located on a server hosted by a third-party, public cloud provider is secure.
“The data was part of a service that was discontinued after our acquisition of Bongo. We have found no indication that any information has been misappropriated and will continue our investigation.”
The breach comes not long after UK authorities confirmed they are investigating Equifax after it admitted 15.2 million Brits were exposed in a high-profile data breach.
Both the Financial Conduct Authority (FCA) and the Information Commissioner’s Office (ICO) said in November last year that they are investigating the credit report outfit, and in the case of the former, said it could decide to fine Equifax as well as take away its authorisation to run credit checks in the UK.
“Hundreds of thousands of people in the UK have been affected by the Equifax data breach,” Nicky Morgan, chair of the House of Commons Treasury Committee, said at the time. “The FCA is right to investigate the circumstances surrounding it.”
Source: Inquirer