Technologist - The FindLaw Legal Technology Blog

FedEx Customer Data Exposed

Remember when you weren't supposed to throw sensitive information in the trash because nosey people could get it?

Well, in case you didn't know, you shouldn't leave that information on old servers either. That includes abandoned Amazon accounts.

FedEx is learning that lesson the hard way. A security company says FedEx forgot 119,000 documents with customer information online -- "a blunder that left the information available to identity thieves and other malicious actors."

"Mountain" of Data

According to reports, the "mountain" of data included passports, driver's licenses, Social Security identification cards, and other customer information. Names, home addresses, and phone numbers were also stored on an Amazon storage bucket.

"Citizens from all over the world left their scanned IDs --Mexico, Canada, EU countries, Saudi Arabia, Kuwait, Japan, Malaysia, China, Australia -- to name a few," Kromtech Security Center reported. "Seems like bucket has been available for public access for many years in a row."

After learning about the problem, FedEx took down the account. "We have found no indication that any information has been misappropriated and will continue our investigation," the company said.

It was an oversight that occurred after FedEx discontinued a cloud storage service some years ago. Unfortunately for consumers, it is not the first time sensitive information has been left on a public Amazon account.

Military Not-So-Intelligent

Last year, a security firm discovered a Pentagon contractor left spy records on the public site. It included more than 1.8 million social media posts the government collected spanning eight years.

UpGuard disclosed the data leak, reporting that the government exposed a massive amount of data on "three publicly downloadable storage services." Anyone with an Amazon Web Server account could access it.

The repositories contained billions of public internet posts and news commentary scraped from the writings of many individuals from many countries, UpGuard said.

"Besides raising questions about the collection of data from people located in the U.S., the UpGuard finding also exposes security practices so lax they're hard to fathom," Dan Goodin said for Ars Technica.

Related Resources: