Team Clark is adamant that we will never write content influenced by or paid for by an advertiser. To support our work, we do make money from some links to companies and deals on our site. Learn more about our guarantee here.
Here’s the latest in the ongoing saga of how corporate America fails to protect consumer information!
FedEx is the latest major company to announce that an unsecured server it failed to password protect exposed the passports, driver’s licenses and other security identification and more of 119,000 customers.
RELATED: Amazon warning — Beware of deliveries you didn’t order
Securtity researchers at MacKeeper Kromtech discovered the vulnerability, which exposed the data of both U.S. and international citizens.
The unsecured server in question was associated with Bongo International, a company acquired by FedEx in 2014. After acquisition, Bongo was folded into the FedEx Cross-Border International division and subsequently shut down in April 2017.
When it was operating, Bongo helped facilitate the sale of online goods from North American retailers and brands to international consumers.
The Kromtech researchers found the info that was exposed dated back to a three-year period between 2009 and 2012, prior to when Bongo became part of FedEx.
That info, of course, became FedEx’s responsibility to secure when the company acquired Bongo.
The good news here is that FedEx has investigated the security snafu and determined that none of the breached info was “misappropriated.” The company has also since put password protection on the exposed server.
After a preliminary investigation, we can confirm that some archived Bongo International account information located on a server hosted by a third-party, public cloud provider is secure. The data was part of a service that was discontinued after our acquisition of Bongo. We have found no indication that any information has been misappropriated and will continue our investigation.
However, it wasn’t just passport and IDs like this one below that were exposed on the old Bongo server.
The IDS also were accompanied by scanned file of the Postal Service’s “Applications for Delivery of Mail Through Agent” — a necessary piece of paperwork for Bongo’s customers to file out.
Those applications contained names, home addresses, phone numbers and zip codes, according to researchers:
Meanwhile, a separate investigation by ZDNet found even more info that was left exposed — including “resumes, vehicle registration forms, medical insurance cards, firearms licences, a few U.S. military identification cards, and even a handful of credit cards that customers used to verify their identity with the FedEx division.”
Unfortunately, this isn’t FedEx’s first brush with a cybersecurity threat.
The logistics giant was affected by a worldwide cyberattack in May 2017 and reported “experiencing interference with some of our Windows-based systems caused by malware.”
By June of that year, the company’s TNT division was briefly thrust back into the Stone Age when it had to do transactions by hand because of lingering damage from that unprecedented global hack.
TNT, which is FedEx’s international courier delivery services subsidiary, said a number of operations that were usually automated had to be done manually until the division’s IT issues could be sorted out.
RELATED: 10 things you must do if your identity is stolen
This post was last modified on November 26, 2021 10:35 am
Deciding to save and invest are great habits. But once you check that box, your…
If you're considering subscribing to Fubo, you need to be comfortable missing out on some…
Are you looking for a way to earn 2% back on every purchase you make…
You're not alone if you're running a balance on your credit cards. Collectively, Americans are…
A big part of saving money comes down to knowing how to comparison shop. But…
If you work for a big company as a full-time employee, chances are you have…