Cyber Threat Intel’s Post

Google Cloud has accidentally deleted a major customer’s account, including all its backups. The affected customer, UniSuper, is an Australian pension fund that manages $135 billion worth of funds and has 647,000 members. The incident occurred on May 2 and the full restoration of services did not happen until May 15. The deletion was caused by an inadvertent misconfiguration during the provisioning of UniSuper’s Private Cloud services. Google has taken responsibility for the incident and has apologized to UniSuper. #googlecloud #unisuper #accountdeletion #googleaccidents #networksecurity #networkforensics #retirementfunds #australia #securityoperations #informationtechnology Read more: https://lnkd.in/ehFe4ehN

Google Cloud accidentally deleted a massive customer account, causing two weeks of downtime for UniSuper, an Australian pension fund that manages $135 billion worth of funds and has 647,000 members. The incident raised concerns about the safeguards in place to prevent account deletion and the importance of a multi-cloud solution. While UniSuper was able to recover its data using backups from a different provider, the incident highlights the need for redundancy in cloud storage. #GoogleCloud #cloudstorage #disasterrecovery

Kudos for Unisuper for recovering their entire environment. I know everyone is focusing on the negatives but no one is talking about the absolute fantastic job that they did to recover their entire data sets and functions. #unisuper. This is probably the gold standard in DR that has been exhibited by unisuper and probably set an industry benchmark in disaster recovery. I think we all have something important to learn from Unisuper. Looking forward to Unisuper sharing their DR strategy and recovery insights. #cybersecurity #riskmanagement

In a recent incident, Google Cloud accidentally deleted the entire account of UniSuper, one of its major customers, causing extensive downtime. UniSuper, an Australian pension fund managing $135 billion with 647,000 members, was able to recover after a nearly two-week outage because of backups stored with another cloud provider. The incident underscores the importance of diversifying backup strategies. Whether through multi-cloud deployments or on-premises solutions combined with cloud services, safeguarding IT assets is crucial to prevent catastrophic data loss. #DataProtection #CloudBackup #ITSecurity https://lnkd.in/eTm2N2er

This incident with UniSuper underscores a critical lesson for all organizations relying on cloud services. The fact that Google Cloud accidentally deleted UniSuper's entire account—an event that should never even be possible—highlights the vulnerability inherent in single-provider reliance. At ePlus inc., we understand the importance of robust backup solutions and advocate for a multi-cloud approach to mitigate such risks. Combining cloud services with on-premises solutions provides a safety net that can save organizations from significant operational disruptions. Investing in a comprehensive backup and disaster recovery plan is essential for safeguarding your data and maintaining trust with your stakeholders. Let's prioritize data protection and build more resilient IT environments. Read more about the incident here: Google Cloud Accidentally Nukes Customer Account #DataProtection #CloudBackup #ITSecurity #BusinessContinuity #ePlus Tony Leonardo ☁️Danny St.Onge Todd Wolff☁️ Michael DeMuro

😱 😳 😱 "Unprecendeted" and "Inadvertent"? Is that an acceptable excuse for this gigantic blunder (aka f**kup), Google? Seriously? 😎 I don't trust Cloud. Everything is backed up in my own standalone device(s). 🤑 🤑 Superannuation funds (akin to a 401k) shouldn't, either. Fortunately, this time, somebody (in charge) at UniSuper had enough sense to back their files up albeit through other cloud services. The report below begins: "Buried under the news from Google I/O this week is one of Google Cloud's biggest blunders ever: Google's Amazon Web Services competitor accidentally deleted a giant customer account for no reason. UniSuper, an Australian pension fund that manages $135 billion worth of funds and has 647,000 members, had its entire account wiped out at Google Cloud, including all its backups that were stored on the service. UniSuper thankfully had some backups with a different provider and was able to recover its data, but according to UniSuper's incident log, downtime started May 2, and a full restoration of services didn't happen until May 15."

Finally an unsung hero of backup gets a shout out! 👏 We don't know who you are UniSuper-backup-genius, but in our minds, you are like the Dr. Strange of backup letting Tony Stark know that there is one scenario where everyone is saved. Proof that the one-in-a-million scenario you need a backup is still a possibility: In an "unprecedented sequence of events," Google Cloud accidentally deleted the account and backups of UniSuper, a $135 billion pension fund. Luckily, UniSuper used a separate, additional cloud backup provider — “shoutout to the hero at UniSuper who chose a multi-cloud solution.” #unsungheroes #cloudbackup #backupandrecovery #321rule https://bit.ly/4blaD94

🚨 Always keep backups: an 'unprecedented' Google Cloud debacle saw a $135 billion pension fund's entire account deleted and services knocked out for nearly two weeks. You can be certain that, if Google can accidentally delete the entire account of a company like this, the same could happen to your company's data too. Two weeks of downtime ... for a company with much more in the way of resources than any SMB ... UniSuper had their data distributed across two geographies ... all were deleted as the result of a "miscofiguration" during provisioning 🤔 The moral of the story is this: cloud services do not eliminate risk of data loss or disruptions of service ... As bad as this incident is, it could have been much worse, had UniSuper not been creating their own backup sets ... but, still, two-weeks of downtime .... having backups is not enough, you need to have a plan for contingency and recovery that has been tested and proven to be viable. Simply moving your assets to the cloud shouldn't be thought of as being elimination of risk (or even being much in the way of reduction) ... before deciding to move data and services to a cloud, remember UniSuper and ask yourself: how would I recover if that happened to my business. https://lnkd.in/ehFe4ehN

How an 'Unprecedented' Google Cloud Event Wiped Out a Major Customer's Account: Ars Technica looks at what happened after Google's answer to Amazon's cloud service "accidentally deleted a giant customer account for no reason..." "[A]ccording to UniSuper's incident log, downtime started May 2, and a full restoration of services didn't happen until May 15." UniSuper, an Australian pension fund that manages $135 billion worth of funds and has 647,000 members, had its entire account wiped out at Google Cloud, including all its backups that were stored on the service... UniSuper's website is now full of must-read admin nightmare fuel about how this all happened. First is a wild page posted on May 8 titled "A joint statement from UniSuper CEO Peter Chun, and Google Cloud CEO, Thomas Kurian...." Google Cloud is supposed to have safeguards that don't allow account deletion, but none of them worked apparently, and the only option was a restore from a separate cloud provider (shoutout to the hero at UniSuper who chose a multi-cloud solution)... The many stakeholders in the service meant service restoration wasn't just about restoring backups but also processing all the requests and payments that still needed to happen during the two weeks of downtime. The second must-read document in this whole saga is the outage update page, which contains 12 statements as the cloud devs worked through this catastrophe. The first update is May 2 with the ominous statement, "You may be aware of a service disruption affecting UniSuper's systems...." Seven days after the outage, on May 9, we saw the first signs of life again for UniSuper. Logins started working for "online UniSuper accounts" (I think that only means the website), but the outage page noted that "account balances shown may not reflect transactions which have not yet been processed due to the outage...." May 13 is the first mention of the mobile app beginning to work again. This update noted that balances still weren't up to date and that "We are processing transactions as quickly as we can." The last update, on May 15, states, "UniSuper can confirm that all member-facing services have been fully restored, with our retirement calculators now available again." The joint statement and the outage updates are still not a technical post-mortem of what happened, and it's unclear if we'll get one. Google PR confirmed in multiple places it signed off on the statement, but a great breakdown from software developer Daniel Compton points out that the statement is not just vague, it's also full of terminology that doesn't align with Google Cloud products. The imprecise language makes it seem like the statement was written entirely by UniSuper. Thanks to long-time Slashdot reader swm for sharing the news. Read more of this story at Slashdot.

How an 'Unprecedented' Google Cloud Event Wiped Out a Major Customer's Account: Ars Technica looks at what happened after Google's answer to Amazon's cloud service "accidentally deleted a giant customer account for no reason..." "[A]ccording to UniSuper's incident log, downtime started May 2, and a full restoration of services didn't happen until May 15." UniSuper, an Australian pension fund that manages $135 billion worth of funds and has 647,000 members, had its entire account wiped out at Google Cloud, including all its backups that were stored on the service... UniSuper's website is now full of must-read admin nightmare fuel about how this all happened. First is a wild page posted on May 8 titled "A joint statement from UniSuper CEO Peter Chun, and Google Cloud CEO, Thomas Kurian...." Google Cloud is supposed to have safeguards that don't allow account deletion, but none of them worked apparently, and the only option was a restore from a separate cloud provider (shoutout to the hero at UniSuper who chose a multi-cloud solution)... The many stakeholders in the service meant service restoration wasn't just about restoring backups but also processing all the requests and payments that still needed to happen during the two weeks of downtime. The second must-read document in this whole saga is the outage update page, which contains 12 statements as the cloud devs worked through this catastrophe. The first update is May 2 with the ominous statement, "You may be aware of a service disruption affecting UniSuper's systems...." Seven days after the outage, on May 9, we saw the first signs of life again for UniSuper. Logins started working for "online UniSuper accounts" (I think that only means the website), but the outage page noted that "account balances shown may not reflect transactions which have not yet been processed due to the outage...." May 13 is the first mention of the mobile app beginning to work again. This update noted that balances still weren't up to date and that "We are processing transactions as quickly as we can." The last update, on May 15, states, "UniSuper can confirm that all member-facing services have been fully restored, with our retirement calculators now available again." The joint statement and the outage updates are still not a technical post-mortem of what happened, and it's unclear if we'll get one. Google PR confirmed in multiple places it signed off on the statement, but a great breakdown from software developer Daniel Compton points out that the statement is not just vague, it's also full of terminology that doesn't align with Google Cloud products. The imprecise language makes it seem like the statement was written entirely by UniSuper. Thanks to long-time Slashdot reader swm for sharing the news. Read more of this story at Slashdot.