In today’s version of headlines that should never occur: FedEx left scanned customer passports, driver’s licenses, and other documentation on a publicly accessible Amazon S3 server. The scanned IDs were attached to forms that include personal information such as name, address, and phone number. The server belonged to Bongo International LLC, which FedEx purchased in 2014. The Bongo service was renamed, then discontinued in April 2017.
The scanned IDs originated from countries all over the world, including several European countries. Starting in May 2018, data leaks like this one that involve EU citizens will be subject to the EU General Data Protection Regulation (GDPR), and FedEx could face significant fines.
Many companies have a similar workflow that requires them to scan IDs or other personal data. SecureCircle has already implemented solutions with Fortune 500 companies to secure onboarding data. Scanned files can be protected with SecureCircle’s patent-pending Transparent File Encryption. Regardless of where the encrypted files are stored or how they are transferred, the data is always encrypted at rest, in transit, and in use. In the FedEx case, files downloaded from the unsecured S3 server would not be accessible by any unauthorized user.