FortiCloud able to access RMA'd device given to somebody else

We RMA'd a dead Fortigate last year for a client.  I logged into their FortiCloud to backup their config and I still see their old Fortigate is still listed and online.  It looks to have been refurbished and given to somebody else.  I was able to see their config and manage the device.  Obviously I'm not going to do anything to it.  I've submitted a ticket to Fortinet so they can fix this and explain how it was able to happen.  I'm now concerned that my replacement fortigate can be accessed by it's previous owner!