Attivo Networks Blogs

Thousands of FedEx customers’ private info exposed in legacy server data breach

THOUSANDS OF FedEx customers have had their private information exposed after one of the courier’s legacy servers was left open without a password.

Uncovered by Kromtech Security Center, the parent company of MacKeeper Security, the breach exposed data such as passport information, driver’s licenses and other high profile security IDs, all of which were hosted on a password-less Amazon S3 storage server.

However, according to the security researchers at Kromtech, it was later secured after the team made contact with FedEx.

This apparently happened due to FedEx not securing the data stored on the Amazon S3 virtual server, which was originally owned by Bongo, a company which FedEx bought in 2014 and rebranded as FedEx Crossborder (which was actually shut down last year).

As a result, the exposed data wasn’t super recent, and instead included records from 2009 – 2012. However, as many people’s state-issued IDs last for 10 to 20 years, much of the leaked data is probably still very sensitive.


Share on:

Free Active Directory Assessment

Get Visibility Into Privilege And Service Account Exposure

For a limited time, Attivo Networks is providing free Active Directory Security Assessments to demonstrate how ADAssessor provides unprecedented and continuous visibility to AD vulnerabilities.

Try Our Endpoint Detection Net (EDN) for Free


Free use offer of our Award-winning security solution to prevent attackers from lateral movement, credential theft, and privilege escalation, fast and easy.

Newsletter Signup

    Yes, please opt me in to receive your quarterly newsletter, event invitations, and product updates.

    I understand that I can opt out at any time, and can refer to Attivo Networks Privacy Policy for more information.
  • This field is for validation purposes and should be left unchanged.

ADSecure 90-Day Free Trial


  • Hide and deny access to AD objects
  • Get alerted on unauthorized queries
  • Attack details easily viewable in dashboard
  • Your data remains on-premise


Ready to find out what’s lurking in your network?

Scroll to Top