As many as 119,000 FedEx customers may have been compromised when scans of passports and other documents were left on an unsecured Amazon cloud server.
Researchers from Kromtech Security Center said they discovered the documents on February 5. They said the documents belonged to citizens from a number of countries, including the U.S., Canada, Mexico, China, Kuwait, and Japan.
An analysis revealed that the documents had been collected by Bongo International, a company that supports retailers in North America with international shipping. FedEx bought Bongo International in 2014.
“After a preliminary investigation, we can confirm that some archived Bongo International account information located on a server hosted by a third-party, public cloud provider is secure,” FedEx said in a statement. “The data was part of a service that was discontinued after our acquisition of Bongo. We have found no indication that any information has been misappropriated and will continue our investigation.”
Kromtech researchers said the documents it found on the server were dated between 2009 and 2012. The company said the data could have been out there for years and that anyone using Bongo's services during that time might have compromised their identities.
Bongo International, now known as FedEx Cross Border, started in 2007 as a package forwarding service for international consumers who wanted to purchase items from U.S.-based websites that did not offer international shipping.