FedEx has revealed that some sensitive customer information was freely available after a security breach. And it now confirms it has secured some of the customer identification records that were visible earlier this month on an unsecured server and so far has found no evidence that private data was “misappropriated.”
The hacked server reportedly stored more than 119,000 scanned documents from USA and international customers including passports, driving licenses, and security identification documents. There’s no way of determining whether you might have been one of the businesses or users which were impacted. The company related to the breach is called Bongo International. Apparently the security risk was revealed on February 5th and shut down at some point last week.
After a preliminary investigation, we can confirm that some archived Bongo International account information located on a server hosted by a third-party, public cloud provider is secure. We have found no indication that any information has been misappropriated and will continue our investigation.
– Jim McCluskey, FedEx.
FedEx has stressed that it has reviewed security and is concentrating on reinforcing privacy with redoubled efforts but it remains unclear exactly the extent to which customer data has been compromised on this occasion. And that highlights the extent to which we are all vulnerable when we provide information to companies. A company like FedEx is reputable and even they can suffer from a security wobble. That goes to show that no organisation can ever be truly protective of your business data.
Perhaps what this story does reinforce is the need to be very careful with the most sensitive information related to your business. Things like your name, address, bank details (yes, account number and sort code too) and the like are essentially public. But jealously your protect passwords, PINs and security question answers because those can make your money vulnerable. That seems to be the message.