Posted on August 8, 2017 at 2:41 PM
In an update published on Friday, Cisco has revealed of losing data of some of its customers because of a Meraki cloud configuration data. Apparently, their engineering team made a configuration change on the North American object storage service which then made some of its customer data being deleted in the process.
Meraki is Cisco’s subsidiary which provides cloud-managed information technologies for wireless, switching, security, EMM, communications and security cameras via its web-based dashboard interface.
The company said that their engineering team made a configuration change on August 3rd of this year that then applied an erroneous policy to their North American object storage service, making certain data uploaded before 11:20 AM Pacific time on the same day to be deleted. The firm has added that the issue has been fixed and is no longer happening.
They’ve also said that the issue in question does not impact network operations in the majority of cases, but only cause an inconvenience since some of the users’ data will be lost. They added that the network configuration data won’t be lost or impacted since the issue is limited to data uploaded by users.
Their engeeniring team has been working over the weekend in order to try and recover any customers’ data and provide a tool that will help their customers identify specifically what has been lost.
The firm said that it is advised for their customers to wait until they produce such a tool and not try to recover the files themselves. They are also very sorry for the mistake that has been made and apologize for the inconvinience they’ve caused.
An update is to be provided on 7th August that should inform customers about the current status of what resources the firm will be making available to help restore functionality
Cisco did not specify how many customers’ were affected by the incident. It’s Meraki service is used by over 140,000 customers and 2 million network devices, according to the company’s website.
The customer data that has been erased by accident include custom floor plans, summary reports, branding logos, uploaded device placement photos as well as Meraki dashboard custom splash themes. Other data deleted in the incident include custom enterprise apps, interactive voice response menus, music on hold, contact images and voice mail greetings.
This latest cloud-related incident just heightens security experts’ already growing concerns about digital and cloud security due to a list of accidents that led to users’ data being exposed to the public.
Just last month there have been a number of firms found to accidentally expose sensitive information to the public because of a configuration error made by group administrators.
Dow Jones & Co recently confirmed that the personal and financial data of nearly 2.2 million customers were exposed due to a configuration error in Amazon’s S3 bucket.
Earlier this year, Amazon Web Services’ massive S3 outage for several hours was caused due to an engineering error.
Varun Badhwar, co-founder & CEO of RedLock stated that in case it is configured correctly, the public cloud can be highly secure, but this just shows that firms are not properly securing cloud applications and public cloud infrastructure. They added that accidents like this are way too common these days, and he is afraid we will be seeing these types of incidents in the future, too.