New FedEx Hack Left Thousands of Customer Records Exposed

February 20, 2018         By: Steven Anderson

As if the news for FedEx weren’t bad enough already these days. First, Amazon comes out with plans to run its own shipping service—a move that will likely put a crimp in FedEx’s income projections—and now new reports from Kromtech, a security research firm, say that FedEx was hacked, and that several thousand customer records had been exposed as a result.

FedEx, for its part, notes that there was no evidence found as yet that private customer data had been “misappropriated,” but given that the 119,000 scanned documents involved included things like passports and driver’s licenses, the revelation was alarming enough.

The trouble for FedEx customers, and by extension FedEx, started back on February 5, when Kromtech researchers discovered an unsecured Amazon S3 storage server FedEx was operating, one that was actually available for outside access. Just over a week later, reports note, the server was closed to public access. The server in question was part of the Bongo International operation that FedEx acquired back in 2014, which served as a means to calculate shipping prices and offer other services, services that FedEx subsequently discontinued.

FedEx’s Jim McCluskey noted, “After a preliminary investigation, we can confirm that some archived Bongo International account information located on a server hosted by a third-party, public cloud provider is secure. We have found no indication that any information has been misappropriated and will continue our investigation.”

This is another blow to FedEx, already suffering from the news of Amazon’s planned launch. The market isn’t exactly happy with FedEx either, as its stock—which had been on an upward track since the start of the year—started taking a significant dive in about mid-January and has been heading downward ever since. You’d think that with its status as one of the premier last-mile providers of ecommerce fulfillment—those purchases have to be delivered somehow—they’d be in a safe position. But as is the case with mobile payments, trust is vital, and revelations like this do little but attack trust and persuade users to go elsewhere, like UPS, the USPS, or even, eventually, Amazon itself.

Security is vital anywhere you go anymore, from mobile payments to shipping the results of those payments. This latest hit at FedEx just shows us all the importance of keeping our own information protected.