Cisco has confirmed that it has lost some valuable customer data after its engineering team made a configuration error while handling the North American object storage service.
Cisco has apologised for the loss of customer data and expressed hope that it would be able to recover some of it soon.
In the second such instance in two months, Cisco said that its engineering team ‘made a configuration change that applied an erroneous policy’ to the company’s North American object storage, thus deleting certain data uploaded to the server prior to 11:20 AM PST on 3rd August.
Last month, sensitive details of 2.2 million Dow Jones customers were exposed on Amazon’s unprotected S3 cloud server following a configuration error on part of the company’s engineers. The engineers in question had configured a database containing data of millions of customers to allow semi-public access. Following the error, the database could be accessed by anyone with an Amazon Web Services account.
In Cisco’s case, the customer data that was deleted was handled by Meraki, a subsidiary of Cisco that offered cloud-managed information technologies for IoT and communications devices.
According to a press release published by Meraki following the incident, the company erroneously deleted customer data including custom splash themes, custom floor plans, custom Dashboard branding logos used in navigation, custom logos used in Summary Reports and uploaded device placement photos. It also lost voicemail greetings, contact images, IVR and music applications.
‘Our engineering team is working over the weekend to investigate what data we can recover, as well as what tools we can build to help our customers specifically identify what has been lost from their organization,’ read the press release.
‘We recommend waiting until we make these tools available prior to restoring files as we will be trying to design our tools to help our customers save time. We will communicate an update by the end of the day on Monday August 7 with the current status of what resources we will be making available to help restore functionality,’ it added.
According to security firm UpGuard, risky handling of customer data isn’t limited to small-scale and mid-level firms but can also be committed by ‘esteemed, well-known organizations occupying the upper echelons of the financial world’.
‘Enterprises must start regaining control over their IT systems to ensure easily preventable mistakes are caught quickly, or face a costly digital backlash,’ the firm added.
“In the last month, we’ve seen three high profile data incidents of this nature: Deep Root Analytics, Verizon Wireless and now Dow Jones. The difficulty with stopping this kind of thing is that it originates from human error, not malice. Just one wrong tick box in the cloud set-up process can put vast amounts of sensitive customer data at risk,” says Rich Campagna, CEO at Bitglass.
The UK government has announced that it is bringing in a new data protection law that will seek to protect customer data in the hands of organisations and penalise companies that fail to protect such data. Once the new law comes into effect, companies, especially large ones, will not be able to afford such mistakes since the Information Commissioner’s Office will be able to issue fines of up to £17m, or 4% of a company’s global turnover.
According to Greg Hanson, VP of EMEA cloud at Informatica, businesses need to implement powerful automated data management strategy and map out their entire databases since humans cannot process such data all the time with perfect accuracy.