EXECUTIVE SUMMARY:

Personally identifiable information that included scanned passports, drivers licenses, and other customer data from a FedEx acquisition were found unprotected on a publicly accessible server.

Reportedly, at least 119,000 scanned documents were exposed. Dell Cameron from Gizmodo writes, “The IDs were attached to forms that included several pieces of personal information, including names, home addresses, phone numbers, and zip codes.”

The server in question was owned by Bongo International LLC, which was purchased by FedEx several years ago. The acquired company, renamed FedEx Cross-Border International, helped customers with shipping calculations. In April of this past year, the service was dropped.

While there is no evidence at this point that information was stolen, it’s possible that the data has been left unprotected for years. An investigation is ongoing.

Quoting the security researchers who discovered the exposed information, Gizmodo’s Cameron reports, “This case highlights just how important it is to audit digital assets when a company acquires another and to ensure that customer data is secured and properly stored before, during, and after the sale.”

Read the full story at Gizmodo.