Thousands of FedEx user records exposed by unsecured S3 bucket

By

Company investigating leak.

FedEx exposed more than 19,000 scanned documents from its international customers in an unsecured Amazon S3 bucket.

Thousands of FedEx user records exposed by unsecured S3 bucket

The global package delivery company said it had secured some of the customer identification records that were visible earlier this month, and so far has found no evidence that private data was “misappropriated.”

Security firm Kromtech discovered the leaky bucket, which it said contained data including passports, driving licenses, and security identification.

It said its researchers found the unsecured server on Feb. 5 and it was closed to public access on Wednesday.

“After a preliminary investigation, we can confirm that some archived Bongo International account information located on a server hosted by a third-party, public cloud provider is secure,” FedEx spokesman Jim McCluskey said in a statement.

“We have found no indication that any information has been misappropriated and will continue our investigation,” McCluskey said.

McCluskey declined to elaborate on what portion of the records were secure, or whether FedEx had notified authorities. The incident affected a tiny portion of FedEx customers globally.

 

Got a news tip for our journalists? Share it with us anonymously here.
Copyright © iTnews.com.au . All rights reserved.
Tags:
amazonbucketfedexs3security

Sponsored Whitepapers

What 4 wholesale distribution challenges aren’t going away anytime soon?
What 4 wholesale distribution challenges aren’t going away anytime soon?
State of the SOC: Building Resilience in a Shifting Threat Landscape
State of the SOC: Building Resilience in a Shifting Threat Landscape
Transform IT Service Delivery with Freshworks ITSM
Transform IT Service Delivery with Freshworks ITSM
Digital Transformation That Works in the Real World
Digital Transformation That Works in the Real World
Beyond the Breach: Logicalis Delivers Scalable, Business-Aligned MXDR Security
Beyond the Breach: Logicalis Delivers Scalable, Business-Aligned MXDR Security

Events

Most Read Articles

"Widespread data theft" hits Salesforce customers via third party

"Widespread data theft" hits Salesforce customers via third party
Home Affairs adds SecOps to new cyber risk overhaul

Home Affairs adds SecOps to new cyber risk overhaul
Exetel fined $694k over system 'vulnerability' for mobile number porting

Exetel fined $694k over system 'vulnerability' for mobile number porting
Attackers weaponise Linux file names as malware vectors

Attackers weaponise Linux file names as malware vectors
techpartner.news logo
Dave Stevens on Brennan's evolution and the need for Aussie tech unity
Dave Stevens on Brennan's evolution and the need for Aussie tech unity
Sydney's ITKnocks on contact centre AI and the slow death of the IVR
Sydney's ITKnocks on contact centre AI and the slow death of the IVR
"It's an exciting time to be part of the health and aged care sector"
"It's an exciting time to be part of the health and aged care sector"
Insicon founder Matt Miller on the coming 'tsunami' of compliance and educating boards about cyber security
Insicon founder Matt Miller on the coming 'tsunami' of compliance and educating boards about cyber security
Orro claims Australia first with managed digital asset discovery service
Orro claims Australia first with managed digital asset discovery service

Log In

  |  Forgot your password?