Security researchers at the Kromtech Security Center have discovered the issue and posted details of the exposure alongside ZDNet. The server contained more than 112,000 files, a mix of the completed US Postal Service forms used to authorize the handling of mail, along with identification. Many of the records were of US nationals, however a portion of the data contained identification records from dozens of other countries, including Asia, Australia, Europe, and the Middle East.
Among the exposed files, ZDNet confirmed drivers’ licenses, national ID cards, and work ID cards, voting cards, and utility bills. Moreover, resumes, medical insurance cards, and even a handful of credit cards that customers used to verify their identity with the FedEx division were also found.
The data was hosted on a password-less Amazon S3 storage server. The server belonged to Bongo International, a company specializing in helping US retailers sell products online to consumers around the world by calculating shipping and duty calculations and currency conversions, among other things.
Bongo was bought by the shipping company in 2014 and later rebranded as FedEx CrossBorder. The service was shut down in 2015.
The server was secured within a few hours of ZDNet contacting FedEx. Moreover, a FedEx spokesperson confirmed the breach to ZDNet in an email. However, it is not known if the company will notify the authorities of the exposure, the online publication concludes.
Every day we send out a free e-mail with the most important headlines of the last 24 hours.
Subscribe now