FedEx left sensitive customer data exposed on unsecured server

The data has since been secured, but was available for a long period of time.

Getty Images

It seems like there's no end to the data breach stories. Uber covered their problem up, then had to answer to Congress. Equifax's initial response to its massive data exposure added its own security issue. Federal employees were even found stealing data from Homeland Security. Now FedEx customer records — including passports, drivers licenses and other security IDs — have been exposed, according to security researchers at Kromtech.

Apparently, FedEx bought Bongo International in 2014, then rebranded it as FedEx Crossborder (which was itself shut down last year). The exposed data were reportedly stored on an unsecured Amazon S3 virtual server that belonged to Bongo, and included records from a period of 2009 - 2012, according to Kromtech, who own MacKeeper Security. Once the company connected with ZDNet's Zack Whittaker, who did some digging, the exposed server was removed from public access entirely. Still, that means all these records have been available for a long time.

"After a preliminary investigation," FedEx told ZDNet, "we can confirm that some archived Bongo International account information located on a server hosted by a third-party, public cloud provider is secure. The data was part of a service that was discontinued after our acquisition of Bongo. We have found no indication that any information has been misappropriated and will continue our investigation."