{"id":2342,"date":"2018-02-16T13:16:47","date_gmt":"2018-02-16T17:16:47","guid":{"rendered":"https:\/\/solutionsreview.com\/identity-management\/?p=2342"},"modified":"2018-02-16T13:16:47","modified_gmt":"2018-02-16T17:16:47","slug":"fedex-customer-data-left-exposed-amazon-s3-bucket","status":"publish","type":"post","link":"https:\/\/solutionsreview.com\/identity-management\/fedex-customer-data-left-exposed-amazon-s3-bucket\/","title":{"rendered":"FedEx Customer Data Left Exposed on Amazon S3 Bucket"},"content":{"rendered":"<p><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-full wp-image-2343\" src=\"https:\/\/solutionsreview.com\/identity-management\/files\/2018\/02\/leak-mod.jpg\" alt=\"fedex leak S3 bucket personal data\" width=\"800\" height=\"400\" srcset=\"https:\/\/solutionsreview.com\/identity-management\/files\/2018\/02\/leak-mod.jpg 800w, https:\/\/solutionsreview.com\/identity-management\/files\/2018\/02\/leak-mod-300x150.jpg 300w, https:\/\/solutionsreview.com\/identity-management\/files\/2018\/02\/leak-mod-768x384.jpg 768w, https:\/\/solutionsreview.com\/identity-management\/files\/2018\/02\/leak-mod-540x270.jpg 540w, https:\/\/solutionsreview.com\/identity-management\/files\/2018\/02\/leak-mod-162x81.jpg 162w, https:\/\/solutionsreview.com\/identity-management\/files\/2018\/02\/leak-mod-360x180.jpg 360w\" sizes=\"(max-width: 800px) 100vw, 800px\" \/><\/p>\n<p style=\"text-align: justify\"><span style=\"font-weight: 400\">An Amazon S3 storage bucket server belonging to international shipping giant FedEx was left configured for public access for years, potentially exposing the identity data of thousands of people.<\/span><\/p>\n<p><span style=\"font-weight: 400\"><br \/>Widget not in any sidebars<br \/>\u00a0\u00a0<\/span><\/p>\n<p style=\"text-align: justify\"><span style=\"font-weight: 400\">The server belonged to FedEx Cross-Border International, a division that FedEx shuttered in 2017. The exposed data included the passports, driving licenses, and security IDs for 119,000 people across the U.S. and the world. Further, scanned copies of \u201cApplications for Delivery of Mail Through Agent&#8221; also exposed names, home addresses, and phone numbers. <\/span><\/p>\n<p style=\"text-align: justify\"><span style=\"font-weight: 400\">Kromtech security analysts discovered the open server earlier this month, which has since been removed from public access. According to researchers, Bongo International originally compiled the data on the server before it was bought by the FedEx Corp. in 2014. In a statement, FedEx said: \u201cWe have found no indication that any information has been misappropriated and will continue our investigation.\u201d<\/span><\/p>\n<p style=\"text-align: justify\"><span style=\"font-weight: 400\">However, a <\/span><a href=\"https:\/\/mackeepersecurity.com\/post\/fedex-customer-records-exposed\" target=\"_blank\" rel=\"noopener\"><span style=\"font-weight: 400\">contradictory statement<\/span><\/a><span style=\"font-weight: 400\"> came from Bob Diachenko, head of communications for Kromtech: \u201cSeems like [the] bucket has been available for public access for many years in a row. Applications are dated within 2009-2012 range, and it is unknown whether FedEx was aware of that \u2018heritage\u2019 when it bought Bongo International back in 2014.&#8221; <\/span><\/p>\n<p style=\"text-align: justify\"><span style=\"font-weight: 400\">This aligns with similar doubts raised by Upguard researcher Chris Vickery, who discovered the <\/span><a href=\"https:\/\/solutionsreview.com\/identity-management\/amazon-web-services-bucket-leaks-12000-social-media-influencers-data\/\" target=\"_blank\" rel=\"noopener\"><span style=\"font-weight: 400\">Octoly leaky S3 bucket<\/span><\/a><span style=\"font-weight: 400\"> with the personal data of 12,000 social media influencers: it is unlikely whether FedEx would know if anyone had accessed the data at all.<\/span><\/p>\n<p style=\"text-align: justify\"><span style=\"font-weight: 400\">The revelation speaks to a economy-wide ignorance\u2014or neglect\u2014of digital hygiene practices and proper customer data care. Enterprises need to be much more aware of the data they collect and manage and how they are storing that data. The news of FedEx\u2019s leak should prompt enterprises to take a survey of their data assets and work to immediate close any leaks they discover. \u00a0\u00a0<\/span><\/p>\n<br \/>Widget not in any sidebars<br \/>\n","protected":false},"excerpt":{"rendered":"<p>An Amazon S3 storage bucket server belonging to international shipping giant FedEx was left configured for public access for years, potentially exposing the identity data of thousands of people. \u00a0\u00a0 The server belonged to FedEx Cross-Border International, a division that FedEx shuttered in 2017. The exposed data included the passports, driving licenses, and security IDs [&hellip;]<\/p>\n","protected":false},"author":41,"featured_media":2343,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"inline_featured_image":false,"footnotes":""},"categories":[6],"tags":[629,617,16,112,631,76],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v23.5 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>FedEx Customer Data Left Exposed on Amazon S3 Bucket<\/title>\n<meta name=\"description\" content=\"An S3 storage bucket server belonging to FedEx was left public for years, potentially exposing the identity data of thousands of people.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/solutionsreview.com\/identity-management\/fedex-customer-data-left-exposed-amazon-s3-bucket\/\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Ben Canner\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"2 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\/\/solutionsreview.com\/identity-management\/fedex-customer-data-left-exposed-amazon-s3-bucket\/\",\"url\":\"https:\/\/solutionsreview.com\/identity-management\/fedex-customer-data-left-exposed-amazon-s3-bucket\/\",\"name\":\"FedEx Customer Data Left Exposed on Amazon S3 Bucket\",\"isPartOf\":{\"@id\":\"https:\/\/solutionsreview.com\/identity-management\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/solutionsreview.com\/identity-management\/fedex-customer-data-left-exposed-amazon-s3-bucket\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/solutionsreview.com\/identity-management\/fedex-customer-data-left-exposed-amazon-s3-bucket\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/solutionsreview.com\/identity-management\/files\/2018\/02\/leak-mod.jpg\",\"datePublished\":\"2018-02-16T17:16:47+00:00\",\"dateModified\":\"2018-02-16T17:16:47+00:00\",\"author\":{\"@id\":\"https:\/\/solutionsreview.com\/identity-management\/#\/schema\/person\/357f925262827fcf840b4341920a1541\"},\"description\":\"An S3 storage bucket server belonging to FedEx was left public for years, potentially exposing the identity data of thousands of people.\",\"breadcrumb\":{\"@id\":\"https:\/\/solutionsreview.com\/identity-management\/fedex-customer-data-left-exposed-amazon-s3-bucket\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/solutionsreview.com\/identity-management\/fedex-customer-data-left-exposed-amazon-s3-bucket\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/solutionsreview.com\/identity-management\/fedex-customer-data-left-exposed-amazon-s3-bucket\/#primaryimage\",\"url\":\"https:\/\/solutionsreview.com\/identity-management\/files\/2018\/02\/leak-mod.jpg\",\"contentUrl\":\"https:\/\/solutionsreview.com\/identity-management\/files\/2018\/02\/leak-mod.jpg\",\"width\":800,\"height\":400,\"caption\":\"fedex leak S3 bucket personal data\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/solutionsreview.com\/identity-management\/fedex-customer-data-left-exposed-amazon-s3-bucket\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/solutionsreview.com\/identity-management\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"FedEx Customer Data Left Exposed on Amazon S3 Bucket\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/solutionsreview.com\/identity-management\/#website\",\"url\":\"https:\/\/solutionsreview.com\/identity-management\/\",\"name\":\"Best Identity Access Management (IAM) Software, Tools, Vendors, Solutions, &amp; Services\",\"description\":\"Identity Access Management (IAM) News, Best Practices and Buyer&#039;s Guide\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/solutionsreview.com\/identity-management\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Person\",\"@id\":\"https:\/\/solutionsreview.com\/identity-management\/#\/schema\/person\/357f925262827fcf840b4341920a1541\",\"name\":\"Ben Canner\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/solutionsreview.com\/identity-management\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/63f68345052a446ce0cc9c802dd3f373?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/63f68345052a446ce0cc9c802dd3f373?s=96&d=mm&r=g\",\"caption\":\"Ben Canner\"},\"description\":\"Ben Canner is an enterprise technology writer and analyst covering Identity Management, SIEM, Endpoint Protection, and Cybersecurity writ large. He holds a Bachelor of Arts Degree in English from Clark University in Worcester, MA. He previously worked as a corporate blogger and ghost writer. You can reach him via Twitter and LinkedIn.\",\"url\":\"https:\/\/solutionsreview.com\/identity-management\/author\/bcanner\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"FedEx Customer Data Left Exposed on Amazon S3 Bucket","description":"An S3 storage bucket server belonging to FedEx was left public for years, potentially exposing the identity data of thousands of people.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/solutionsreview.com\/identity-management\/fedex-customer-data-left-exposed-amazon-s3-bucket\/","twitter_misc":{"Written by":"Ben Canner","Est. reading time":"2 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/solutionsreview.com\/identity-management\/fedex-customer-data-left-exposed-amazon-s3-bucket\/","url":"https:\/\/solutionsreview.com\/identity-management\/fedex-customer-data-left-exposed-amazon-s3-bucket\/","name":"FedEx Customer Data Left Exposed on Amazon S3 Bucket","isPartOf":{"@id":"https:\/\/solutionsreview.com\/identity-management\/#website"},"primaryImageOfPage":{"@id":"https:\/\/solutionsreview.com\/identity-management\/fedex-customer-data-left-exposed-amazon-s3-bucket\/#primaryimage"},"image":{"@id":"https:\/\/solutionsreview.com\/identity-management\/fedex-customer-data-left-exposed-amazon-s3-bucket\/#primaryimage"},"thumbnailUrl":"https:\/\/solutionsreview.com\/identity-management\/files\/2018\/02\/leak-mod.jpg","datePublished":"2018-02-16T17:16:47+00:00","dateModified":"2018-02-16T17:16:47+00:00","author":{"@id":"https:\/\/solutionsreview.com\/identity-management\/#\/schema\/person\/357f925262827fcf840b4341920a1541"},"description":"An S3 storage bucket server belonging to FedEx was left public for years, potentially exposing the identity data of thousands of people.","breadcrumb":{"@id":"https:\/\/solutionsreview.com\/identity-management\/fedex-customer-data-left-exposed-amazon-s3-bucket\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/solutionsreview.com\/identity-management\/fedex-customer-data-left-exposed-amazon-s3-bucket\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/solutionsreview.com\/identity-management\/fedex-customer-data-left-exposed-amazon-s3-bucket\/#primaryimage","url":"https:\/\/solutionsreview.com\/identity-management\/files\/2018\/02\/leak-mod.jpg","contentUrl":"https:\/\/solutionsreview.com\/identity-management\/files\/2018\/02\/leak-mod.jpg","width":800,"height":400,"caption":"fedex leak S3 bucket personal data"},{"@type":"BreadcrumbList","@id":"https:\/\/solutionsreview.com\/identity-management\/fedex-customer-data-left-exposed-amazon-s3-bucket\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/solutionsreview.com\/identity-management\/"},{"@type":"ListItem","position":2,"name":"FedEx Customer Data Left Exposed on Amazon S3 Bucket"}]},{"@type":"WebSite","@id":"https:\/\/solutionsreview.com\/identity-management\/#website","url":"https:\/\/solutionsreview.com\/identity-management\/","name":"Best Identity Access Management (IAM) Software, Tools, Vendors, Solutions, &amp; Services","description":"Identity Access Management (IAM) News, Best Practices and Buyer&#039;s Guide","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/solutionsreview.com\/identity-management\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Person","@id":"https:\/\/solutionsreview.com\/identity-management\/#\/schema\/person\/357f925262827fcf840b4341920a1541","name":"Ben Canner","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/solutionsreview.com\/identity-management\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/63f68345052a446ce0cc9c802dd3f373?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/63f68345052a446ce0cc9c802dd3f373?s=96&d=mm&r=g","caption":"Ben Canner"},"description":"Ben Canner is an enterprise technology writer and analyst covering Identity Management, SIEM, Endpoint Protection, and Cybersecurity writ large. He holds a Bachelor of Arts Degree in English from Clark University in Worcester, MA. He previously worked as a corporate blogger and ghost writer. You can reach him via Twitter and LinkedIn.","url":"https:\/\/solutionsreview.com\/identity-management\/author\/bcanner\/"}]}},"_links":{"self":[{"href":"https:\/\/solutionsreview.com\/identity-management\/wp-json\/wp\/v2\/posts\/2342"}],"collection":[{"href":"https:\/\/solutionsreview.com\/identity-management\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/solutionsreview.com\/identity-management\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/solutionsreview.com\/identity-management\/wp-json\/wp\/v2\/users\/41"}],"replies":[{"embeddable":true,"href":"https:\/\/solutionsreview.com\/identity-management\/wp-json\/wp\/v2\/comments?post=2342"}],"version-history":[{"count":0,"href":"https:\/\/solutionsreview.com\/identity-management\/wp-json\/wp\/v2\/posts\/2342\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/solutionsreview.com\/identity-management\/wp-json\/wp\/v2\/media\/2343"}],"wp:attachment":[{"href":"https:\/\/solutionsreview.com\/identity-management\/wp-json\/wp\/v2\/media?parent=2342"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/solutionsreview.com\/identity-management\/wp-json\/wp\/v2\/categories?post=2342"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/solutionsreview.com\/identity-management\/wp-json\/wp\/v2\/tags?post=2342"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}