February 16, 2018
Global package delivery company FedEx Corp said Thursday it has secured some of the customer identification records that were visible earlier this month on an unsecured server, and so far has found no evidence that private data was “misappropriated.”
The server stored more than 119,000 scanned documents from US and international citizens, such as passports, driving licenses, and security identification, according to a report from security research firm Kromtech.
Kromtech said its researchers found the unsecured server on Feb. 5 and it was closed to public access on Wednesday.
The data was stored on an Amazon S3 storage server and collected by a company FedEx acquired in 2014, Bongo International, which calculated international shipping prices and provided other services. FedEx later discontinued the service.
“After a preliminary investigation, we can confirm that some archived Bongo International account information located on a server hosted by a third-party, public cloud provider is secure,” FedEx spokesman Jim McCluskey said in a statement.
“We have found no indication that any information has been misappropriated and will continue our investigation,” McCluskey said.
McCluskey declined to elaborate on what portion of the records were secure, or whether FedEx had notified authorities. The incident affected a tiny portion of FedEx customers globally.
The exposure appears far less disruptive than a cyber attack last year on Fedex’s Dutch TNT Express unit, which slashed $300 million from its quarterly profit.
The Memphis, Tennessee-based company joined a string of companies that reported big drops in earnings because of the NotPetya virus, which hit on June 29, crippling Ukraine businesses before spreading worldwide to shut down shipping ports, factories and corporate offices.