Accenture left customer data exposed on misconfigured server

Accenture reportedly exposed sensitive customer data on four misconfigured Amazon cloud servers, which might have allowed those with the web addresses to download the information, according to The Hill.

Cybersecurity firm UpGuard discovered in September that four of the consulting firm's Amazon Web Services S3 buckets had been set up for public access. The buckets stored application programming interface data, authentication credentials, decryption keys and customer information related to Accenture's cloud management platform.

Chris Vickery, cyber risk analyst at UpGuard, notified Accenture after making the discovery, and the company secured the buckets the following day. The affected customers reportedly included 94 Fortune 100 companies, according to The Hill.

A spokesperson for Accenture told The Hill there was no risk to the company's clients and no information had been compromised.

"There was no risk to any of our clients — no active credentials, [personally identifiable information] or other sensitive information was compromised," said the spokesperson. "We have a multi-layered security model, and the data in question would not have allowed anyone that found it to penetrate any of those layers. The information involved could not have provided access to client systems and was not production data or applications."

More articles on cybersecurity: 

Copyright © 2024 Becker's Healthcare. All Rights Reserved. Privacy Policy. Cookie Policy. Linking and Reprinting Policy.

 

Featured Whitepapers

Featured Webinars