A Cayman Islands-based investment fund has exposed its entire backups to the internet after failing to properly configure a secure Microsoft Azure blob.
For this specific case, most jurisdictions will likely consider this incident to be gross negligence, exposing the fund to a series of lawsuits from the clients. In the past, similar incidents led to bankruptcies due to irreparable impact on the reputation and inability to continue operations with frustrated customers. We should also expect various law enforcement agencies, in charge of the prosecution of tax evasion or money laundering, to start a probe of the documents for investigative purposes.
Sadly this is just another example of leaked data available on the Internet. Countless organizations of all sizes blindly move their data to the cloud without the proper training of their IT personnel. Eventually, this leads even to larger disasters than criminal data breaches. Worse, cybercriminals are well aware of the myriad of misconfigured cloud instances, and continuously monitor the entire Internet for such low-hanging fruit. Such attacks, unless exposed by the media or security researchers, are virtually undetectable and thus extremely dangerous: the integrity of your trade secrets and most sensitive data may suddenly get into the hands of your competitors, malicious nation-state actors, and organized crime.
Information Security Buzz (aka ISBuzz News) is an independent resource that provides the experts comments, analysis and opinion on the latest Information Security news and topics