Close
  • Latest News
  • Artificial Intelligence
  • Big Data and Analytics
  • Cloud
  • Networking
  • Cybersecurity
  • Applications
  • IT Management
  • Storage
  • Sponsored
  • Mobile
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
Read Down
Sign in
Close
Welcome!Log into your account
Forgot your password?
Read Down
Password recovery
Recover your password
Close
Search
Logo
Logo
  • Latest News
  • Artificial Intelligence
  • Big Data and Analytics
  • Cloud
  • Networking
  • Cybersecurity
  • Applications
  • IT Management
  • Storage
  • Sponsored
  • Mobile
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
More
    Home Cloud
    • Cloud
    • Cybersecurity

    FedEx Customer Data Left Publicly Exposed on Cloud Storage Server

    By
    Sean Michael Kerner
    -
    February 16, 2018
    Share
    Facebook
    Twitter
    Linkedin
      New Google Cloud DLP Features

      FedEx is the latest company to have inadvertently left personally identifiable information, publicly exposed on a cloud storage server.

      On Feb. 15, security firm Kromtech publicly reported that it discovered an un-secured cloud storage repository, which contained 119,000 scanned documents from both U.S. as well as international citizens. The data came from Bongo International which was acquired in 2014 by FedEx Corp.

      “Technically, anybody who used Bongo International services back in 2009-2012 is at risk of having his/her documents scanned and available online for so many years,” Bob Diachenko, head of communications at Kromtech Security Center stated. “Seems like bucket has been available for public access for many years in a row.”

      The scanned data that was discovered by Kromtech was collected by Bongo, as part of an application process for individuals to to get delivery of mail through an agent. The scanned information included driver’s licenses, passports and other forms of security identification. Diachenko stated that it’s unknown whether FedEx was aware of the scanned data when it bought Bongo International back in 2014.

      What is clear though is that FedEx is now aware of the data and has taken steps to secure it.

      “After a preliminary investigation, we can confirm that some archived Bongo International account information located on a server hosted by a third-party, public cloud provider is secure,” FedEx stated. “The data was part of a service that was discontinued after our acquisition of Bongo.”

      FedEx added that it found no indication that any information has been misappropriated and the company will continue its investigation. 

      Amazon S3 Leaks

      The data stored by Bongo was hosted in an Amazon S3 (Simple Storage Service) bucket. The data bucket was apparently not properly configured by Bongo, enabling public access by those who knew where to look for the data.

      There are multiple tools and methods available to researchers and attackers alike to find potentially exposed Amazon S3 buckets. One such tools is the open-source AWS BucketDump project, which provides a secure way to look for interesting files in S3 Buckets, according to the project’s GitHub project page.

      FedEx is certainly not the first, nor will it be the last firm to receive a report that it has somehow left customer information publicly exposed in the cloud. In recent years, multiple sets of security researchers have reported similar incidents. In December 2017, security firm Upguard reported that the information of 123 million Americans was exposed in an Amazon S3 bucket by data analytics firm Alteryx, which is a business partner of consumer credit reporting agency Experian. Other firms that have inadvertently left customer data exposed in the cloud include Accenture and Verizon, among others.

      How To Limit the Risk of Cloud Data Leaks

      While Amazon S3 cloud data leaks have been often reported, there are a number of steps that organizations can take using Amazon’s own tools to limit risk.

      In all of the publicly reported Amazon S3 data leaks, the storage bucket was somehow misconfigured, enabling unintended public access. Amazon has multiple technologies available to its S3 users to discover personally identifiable information in S3 storage buckets, as well as to protect that data.

      The Amazon Macie service which was first announced in August 2017 is a machine learning technology to help organizations find confidential information that might be stored in their S3 storage buckets. Amazon also provides encryption capabilities for S3 that were announced in November 2017, enabling organizations to encrypt confidential information that is stored in S3 buckest, helping to limit risk of data leakage.

      The Amazon Web Services (AWS) Config service provides additional capabilities for organizations to secure their S3 storage buckets. AWS Config provides policy and configuration settings for Amazon’s cloud services. Amazon improved AWS Config in 2017 with preset rules that enable organizations to block public read and writes to S3 storage instances.

      Sean Michael Kerner is a senior editor at eWEEK and InternetNews.com. Follow him on Twitter @TechJournalist.

      Sean Michael Kerner
      Sean Michael Kerner is an Internet consultant, strategist, and contributor to several leading IT business web sites.
      Get the Free Newsletter!
      Subscribe to Daily Tech Insider for top news, trends & analysis
      This email address is invalid.
      Get the Free Newsletter!
      Subscribe to Daily Tech Insider for top news, trends & analysis
      This email address is invalid.

      MOST POPULAR ARTICLES

      Latest News

      Zeus Kerravala on Networking: Multicloud, 5G, and...

      James Maguire - December 16, 2022 0
      I spoke with Zeus Kerravala, industry analyst at ZK Research, about the rapid changes in enterprise networking, as tech advances and digital transformation prompt...
      Read more
      Applications

      Datadog President Amit Agarwal on Trends in...

      James Maguire - November 11, 2022 0
      I spoke with Amit Agarwal, President of Datadog, about infrastructure observability, from current trends to key challenges to the future of this rapidly growing...
      Read more
      Applications

      Kyndryl’s Nicolas Sekkaki on Handling AI and...

      James Maguire - November 9, 2022 0
      I spoke with Nicolas Sekkaki, Group Practice Leader for Applications, Data and AI at Kyndryl, about how companies can boost both their AI and...
      Read more
      Cloud

      IGEL CEO Jed Ayres on Edge and...

      James Maguire - June 14, 2022 0
      I spoke with Jed Ayres, CEO of IGEL, about the endpoint sector, and an open source OS for the cloud; we also spoke about...
      Read more
      IT Management

      Intuit’s Nhung Ho on AI for the...

      James Maguire - May 13, 2022 0
      I spoke with Nhung Ho, Vice President of AI at Intuit, about adoption of AI in the small and medium-sized business market, and how...
      Read more
      Logo

      eWeek has the latest technology news and analysis, buying guides, and product reviews for IT professionals and technology buyers. The site’s focus is on innovative solutions and covering in-depth technical content. eWeek stays on the cutting edge of technology news and IT trends through interviews and expert analysis. Gain insight from top innovators and thought leaders in the fields of IT, business, enterprise software, startups, and more.

      Facebook
      Linkedin
      RSS
      Twitter
      Youtube

      Advertisers

      Advertise with TechnologyAdvice on eWeek and our other IT-focused platforms.

      Advertise with Us

      Menu

      • About eWeek
      • Subscribe to our Newsletter
      • Latest News

      Our Brands

      • Privacy Policy
      • Terms
      • About
      • Contact
      • Advertise
      • Sitemap
      • California – Do Not Sell My Information

      Property of TechnologyAdvice.
      © 2022 TechnologyAdvice. All Rights Reserved

      Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.

      ×