The personal information from more than 119,000 FedEx customers may have been unsecured for several years, according to security researchers for Kromtech.
The researchers found thousands of scanned documents, which included passports, driver’s licenses, home addresses, phone numbers and zip codes from U.S. and international citizens. The information on the server was from Bongo International, a company FedEx acquired in 2014, and was publicly accessible as recently as January 2018.
A FedEx official said, “After a preliminary investigation, we can confirm that some archived Bongo International account information located on a server hosted by a third-party, public cloud provider is secure. The data was part of a service that was discontinued after our acquisition of Bongo. We have found no indication that any information has been misappropriated and will continue our investigation.”