FedEx data breach exposed the private information of thousands of its customers.
What do you need to know about the breach? And what can you do if your data was leaked?
What happened
FedEx exposed customers’ data. Why? Its server is not secure after left open without a password.
Komtech security researchers discovered the gap in FedEx’s Amazon S3 bucket server.
It was set for public access. And some 112,000 files too. It includes US postal service forms.
Leaked information
The forms contained the following sensitive information:
- names
- home addresses
- phone numbers
- zip codes
- citizenship
- passports
- driving licenses
- security IDs
- voting cards
- utility bills
- resumes
- vehicle registration forms
- medical insurance cards
- US military IDs
- firearms licenses
- credit cards
Affected countries of the FedEx Data Breach
IDs come from different countries, including:
- EU countries
- Mexico
- Canada
- Australia
- Malaysia
- China
- Japan
- Kuwait
- Saudi Arabia
In fact, one ID showed details of a Netherlands’ Ministry of Defense senior official.
Their action
FedEx shut down the division. And some of the identification cards are already expired.
But, thousands of recently uploaded files are still valid. Thus, the customers’ are at risk of identity theft.
Also, they reached out to the affected individuals. And a few hours after the contact with a security firm, they secured the server back.
After their investigation, they transferred the information. They hired a secure cloud provider.
Additionally, they said that no evidence was found for the misuse of data.
About the company
The security experts from Kromtech said that the leaked data belonged to Bongo International LLC. It helps North American brands and retailers. And sells online to its overseas customers.
In 2014, FedEx corporation bought Bongo International. And in 2016, FedEx relaunched it as FedEx Cross-Border International.
Moreover, it specializes in the checkout and delivery approach. And the following features:
- accepts 80+ currencies
- with 15 payment methods
- multiple delivery choices
- credit card fraud protection
But, it was shut down on April 15, 2017. Still, the data of the company is available in public.
So, security experts contacted FedEx about the issue. And on the next day, they removed the public accesses.
What you can do
Data breaches are getting worse. In fact, billions are affected by data incidents. And this is actually inevitable. That is because we give information in our interaction with brands and companies.
In reality, we never know when breaches happen. But if your information was leaked. What can you do?
Here is our three-step guide. It will help you protect your data. And it can also lessen the consequences if you experience a breach.
#1 Learn
The first thing is that you should know what data was exposed. You can contact the company to ask. Also, you can read their announcements or notification emails.
#2 Act
Secondly, we must act quickly. It helps you protect yourself from identity theft.
You can do the following:
- Change your passwords.
- Add multi-factor authentication.
- Review your Social Security account.
- Inform your bank to freeze your account.
- Check your card for unusual activities.
- Set up a fraud alert.
- Sign up for credit monitoring services.
#3 Stay alert
Remember, your stolen data can still be misused years after the breach. So, be sure to check your reports thrice a year.
Also, you can set up for bank alerts. And most importantly. update your passwords every quarter.