How to Avoid the AWS Configuration Mistake FedEx Made that Exposed Confidential Customer Data to Hackers


Jan 16, 2019

Could your organization fall victim to the same AWS configuration that plagued FedEx this year?

As more and more companies move their IT infrastructure to the cloud, there’s bound to be a few missteps. Many of these missteps have been catastrophic, but few have been dissected as much as a recent FedEx data breach that exposed confidential customer data. Read on as we dig into this data breach and help you understand why it happened and how your company can steer clear of the AWS configuration mistakes that caused this issue in the first place.

FedEx data breach explained

Earlier this year, it was revealed that a company FedEx acquired back in 2014, left customer data sitting on an unencrypted S3 instance. This exposed data consisted of more than 100,000 scanned documents with everything from drivers licenses to passports. FedEx has maintained that while the data was exposed, they do not have any indication that it has been exploited as of yet.

What can we learn from this FedEx data breach?

This data breach shows that companies have to be extremely careful when storing any type of information in the cloud. Not only does this relate to corporate data, but any acquisitions that occur must be scrutinized to ensure that everyone is aware of the intricate details of any

cloud-based initiatives that exist on the part of the company that is being acquired.

Cloud instances are becoming almost too easy to create, which can cause a scenario where a lone developer is simply testing a new feature and decides to spin up a new instance and load up some dummy data. The problem with this approach is that too often these side projects end up being created, left, and never touched again without any security protocols being in place for confidential data that’s residing in the cloud.

Companies need to be hyper vigilant when it comes to cloud security. Many companies seem to have the opinion that because they’re moving resources to the cloud with major players like Amazon, Microsoft, or Google, somehow their security concerns are no more. This is absolutely untrue. Companies need to remember that cloud providers such as AWS, Azure, and Google Cloud are only providing the infrastructure for you to host your own data. While these providers do offer some additional security safeguards, these must be configured, and are not enabled by default when a new instance is spun up in the cloud. In the same way that you’re extremely cognizant of the security surrounding your in-house corporate network, you should stay laser focused on maintaining the security of any public cloud infrastructure as well.

Do you have any vulnerabilities in the cloud?

Do you fear that your team has been a bit lackadaisical when it comes to configuring your cloud infrastructure? If so, it’s critical that you bring in a team of cloud experts to take an inventory of all your cloud resources and how secure they really are. Even if you’ve been able to fly under the radar and not experience any type of data breach, your days could be numbered.

If you’d like to have a cloud assessment to identify any of your company’s vulnerabilities related to cloud security, reach out to CloudHesive today by phone at 800-860-2040 or through our online contact form.

Related Blogs

  • On a blue background are the letters AI in white. Superimposed over this is a robotic face wrapped with a connectivity symbol. A word bubble says can I help you." alt="">
    How AI Chatbots are Changing the Call Center Game

    With Amazon Lex Chatbots and Contact Lens, you can create tomorrow’s customer experience today. Key Takeaways: AI chatbots are revolutionizing not just call centers, but the way customer service is...

    Learn More
  • Six office workers sit at computers on opposite sides of a table in a brightly lit office." alt="">
    4 Challenges of Managing WorkSpaces at Scale and How to Solve Them

    A skills gap in IT staff and rising employee costs make managed services the right choice Key Takeaways: Research says it takes a minimum of 10 dedicated full-time IT staff members to manage DaaS...

    Learn More
  • The customer call center in an AI world." alt="">
    How Artificial Intelligence Is Reinventing the Call Center

    Today’s most important AI call center trends – is your call center ready for them?  Key Takeaways:  Learn how to improve customer service operations using automation while still providing...

    Learn More