A world-leading corporate consultancy and technology outsourcer left at least four cloud-based storage servers unsecured and publicly downloadable, exposing secret data, authentication credentials, certificates, decryption keys, customer information, and more data that could have been used to attack both the provider and its thousands of clients.
Fairfax Media can reveal that Accenture one of the world’s largest corporate consulting and management firms that has offices across Australia and is also behind the national e-health record system inadvertently allowed files belonging to its clients to be publicly available.
While there is no evidence to suggest that Australia’s e-health system was compromised by Accenture’s unsecured servers, Fairfax Media has been told that data belonging to ASX-listed Caltex Australia was exposed as part of the huge trove of highly sensitive information left unsecured.
It is understood the Caltex data exposed was “dummy” data provided by Caltex Australia to Accenture more than two years ago when Caltex was trialling an Accenture product that it did not end up using long term.
Want to publish your own articles on DistilINFO Publications?
Send us an email, we will get in touch with you.
At a size of 137 gigabytes, one exposed data set contained large information dumps that included credentials, some of which appear to be for Accenture clients. IT company UpGuard, founded by Australians and based in Mountain View California, revealed the breach on Wednesday in a blog post and told Fairfax Media that Caltex Australia data was exposed.
“This cloud leak of Accenture’s internal data, including access credentials that could potentially have been used to attack clients, highlights the sad truth of cyber risk in 2017: nobody is safe,” UpGuard co-CEO Mike Baukes told Fairfax Media.
“If the biggest corporations on Earth cannot keep critical internal data from being exposed due to internal misconfigurations, this has got to tell you something about how unequipped most enterprises are to effect cyber resilience across their IT operations, and secure not only the data of other major corporations but, inevitably, of the individual customers most victimised by data exposures.”
Date: Oct 11, 2017