FedEx exposed more than 19,000 scanned documents from its international customers in an unsecured Amazon S3 bucket.
The global package delivery company said it had secured some of the customer identification records that were visible earlier this month, and so far has found no evidence that private data was “misappropriated.”
Security firm Kromtech discovered the leaky bucket, which it said contained data including passports, driving licenses, and security identification.
It said its researchers found the unsecured server on Feb. 5 and it was closed to public access on Wednesday.
“After a preliminary investigation, we can confirm that some archived Bongo International account information located on a server hosted by a third-party, public cloud provider is secure,” FedEx spokesman Jim McCluskey said in a statement.
“We have found no indication that any information has been misappropriated and will continue our investigation,” McCluskey said.
McCluskey declined to elaborate on what portion of the records were secure, or whether FedEx had notified authorities. The incident affected a tiny portion of FedEx customers globally.