Misconfigured cloud storage results in data leak

Due to a misconfiguration by untrained and inexperienced internal IT staff, our client suffered a data breach that disclosed highly sensitive customer information. We were engaged to conduct an independent investigation and identify and quantify the incident’s impact.

Outcomes and benefits delivered

• We identified the source and scale of the leak and the nature of documents accessed, including partial leaks where files were incompletely exposed.
• Our report was used to assist the business in managing its obligations under the mandatory data breach legislation.

Background

Our client became aware of a data breach disclosing highly sensitive customer information. The client used a commercial storage solution to share and exchange data internally and externally with authorised clients. Due to a misconfiguration made by untrained and inexperienced members of the internal IT team, extremely sensitive client data was inadvertently exposed and made publicly available. KordaMentha was subsequently engaged to provide independent investigation support to assist the board and executive team in identifying and quantifying the level of exposure the business had because of the incident.

Approach

The client was an international operation with multiple global clients (including government). One of our challenges was differentiating legitimate access to the exposed data and access by unknown and possibly malicious actors. Implementing our cyber breach workflow, we identified and engaged with the key stakeholders to obtain relevant information, isolate the breach and commence analysis. Leveraging our data analytics tools, we extracted and reviewed over 16 million log entries to pinpoint the unauthorised access.

We assessed the nature of files subject to unauthorised access and investigated whether partially downloaded files might also have exposed confidential client and company information. Our team conducted a forensic analysis of several partially downloaded file types, which included zip files. We further leveraged the power of our document review platform, RelativityOne, to enable client review and categorisation of the sensitivity of potentially exposed documents.

The results of our analysis equipped us to clarify our client’s level of exposure risk to the executive team. Our findings were then provided in an expert report to the legal team.