FedEx data breach: 119,000 passports or photo IDs found on unsecured server

Thousands of FedEx (NYSE:FDX) customers’ private information was exposed after the company left scanned passports, driver’s licenses and other personal documentation on a publicly accessible server.

The incident was first discovered by researchers at a German-based security center called Kromtech earlier this month.

According to the security firm, the server belonged to Bongo International, a company that helped customers with shipping calculations and currency translations. FedEx purchased Bongo in 2014 but renamed the company FedEx Cross-Border International a year later before discontinuing the service in April 2017.

More than 119,000 scanned documents dated from 2009 to 2012 were on the Amazon S3 server, Kromtech said it had discovered. Kromtech said it was unclear if FedEx was aware of the server’s existence when it purchased the company four years ago.

FedEx said on Thursday that it has secured some of the customer identification records that were exposed earlier this month and added that so far it has found no evidence that private data were “misappropriated.” The company, however, said it continues to investigate.

The data breach could affect anyone who might have used Bongo’s services anytime from 2009 to 2012, and it’s possible the data were exposed online for several years,” according to Bob Diachenko, Kromtech’s head of communications.

The scanned IDs originated from countries all over the world, including the U.S., Mexico, Canada, Australia, Saudi Arabia, Japan, China and several European countries.

A FedEx spokesperson did not immediately return FOX Business’ request for additional information.