I mean, it's the usual story with these things — "accidentally stored internal data — including other companies' security sensitive data — in a public file share" (or in this case, S3). Not much to learn from the story that we don't already know about IT security. Bottom line, it's bad to trust vendors that are not trustworthy, and this can expose other kinds of lazy/bad practices in your organization.
For a company that had thousands of clients, I didn't think 1TB was an especially large amount of data, all things considered.
You could reasonably write it off as not being a best practice in 2014 (although that doesn't explain the current backups being unencrypted). Also it's a terrible excuse.
not to mention attunity is the preferred vendor for data integration by microsoft and amazon...so its not just non-tech fortune 100 companies that use them.
This is a measure of market efficiency. In an efficient market they would lose absolutely all of it.
Bet you they lose almost none of it. Manipulating old idiots on boards of directors is much more important than quality, which is what the word "enterprise" means.
Enterprise IT (noun): Awful quality product that would get zero traction without a massive con of ignorant boards and senior management.
It depends. Almost all corporate to corporate contracts have clauses about data protection and security breaches. This would allow many of their clients to cancel their contracts with cause. Usually that happens if the business wasn’t getting a lot of value from the service as of late, or the value they were getting doesn’t outweigh the liability.
It’s hard for boards to ignore major breaches if you’re a public company and its hard to win business if you’re known to be lax with security.
Flip it around. How high does that cost have to be before it stops being excellent value in this case? Why would you assume zero is the only cost that makes sense here, that's insane!
edit: On reflection I think you've got a meaning from what I said that isn't quite right. The cost of moving is one of the things that might make this market inefficient. Anything that is a barrier to entry, a barrier to switching provider contributes to market inefficiency. It's an economic term worth knowing as people bandy it about here a bit. Barriers to entry, imperfect information, market power of suppliers (here), nonzero selling costs, nonzero switching costs all contribute. The question in most markets is to what extent do they contribute? How inefficient is it? Here paying money for gross incompetence when you found that out you'd be pretty determined to dump the supplier because you've been conned, and conned badly. Now you are aware of being exposed to a large risk, ever increasing legally once you do nothing when you clearly know the risk exists. So it's a good measure of how efficient this market is because nobody of any competence or sanity wants to stay with this supplier anymore.
The dominant cost here is switching cost. Data has mass-like characteristics. It exhibits inertia, momentum and gravity.
To move data from one to another requires three terms: you need to be moving at least as fast as the production rate, you need to be accelerating at least fast as the production rate is and then, on top of those, you need additional movement speed to be able to move the original accumulation.
For the market to be perfectly competitive in an economic sense, switching costs would have to be zero. Hence my original smartarsery.
I think it's more likely that they'll call their lawyers and haggle for a few bucks off the next renewal.
You wanted service, you got a punch in the face. So negotiate a small discount while leaving yourself wide open for being sued? Crazy! These guys are a huge risk of not being around in a year.
That's some kind of market inefficiency right there. How bad would this service have to be to dump the supplier? It's actually kind of hard to imagine this being worse, don't you think?
It's not my area but I'm pretty sure I can design a parallel solution to get away from the vampires relatively quickly. Start collecting current data somewhere else in parallel to the existing. Move all the existing data, take as as long as that takes. Switch of the tap to the legacy vampires when it's done and the new, up-to-date collection has full history. Pay to get it done. Sue your former suppliers for the entire cost on account of them being fundamentally incompetent and dishonest. Dare them to fight it. Tell them just how much you're looking forward to discovery which by necessity will not be confidential. "How famous do you want to be?" Give interviews about how you don't put up with this kind of standover nonsense. Seriously you can't have these idiots as suppliers. You really can't. We can't have them survive in the industry and simultaneously have self-respect, surely. Airlines with planes that crash that aren't their fault go broke. These guys surviving this, just no. They need to die and be condemned to the hell of writing blog posts on medium about what they learned from their total abject and utter failure. Attunity customers who stick with them should be sued for treating their own customers health, safety and wellbeing with contempt. No fortune 100 customer agreed to that risk. A few bucks off the renewal? Just no.
You have to verify and internally coordinate a disclosure of this size. The article also mentions that they were unclear about a point of contact due to a recent merger and that they are in a different time zone. Two days sounds completely reasonable for all of that.
This one is a double whammy not only because there's not only data on those companies, but it can be extrapolated that many of those companies are relatively new to the cloud (and possibly which cloud service is available as well), making them also ripe for targeting.
One of Attunity's bigger sales deals is making their data migration tools free for a long period to help organizations migrate to cloud. This is essentially a list of "Hey, these other orgs might also be open to hacking as they haven't learned yet."
31 comments
[ 2.7 ms ] story [ 81.7 ms ] threadFor a company that had thousands of clients, I didn't think 1TB was an especially large amount of data, all things considered.
S3 is very common when it comes to leaks for some reason
"The only way to make a man trustworthy is to trust him; and the surest way to make him untrustworthy is to distrust him and show your distrust."
what’s that, one email signature?
This is a measure of market efficiency. In an efficient market they would lose absolutely all of it.
Bet you they lose almost none of it. Manipulating old idiots on boards of directors is much more important than quality, which is what the word "enterprise" means.
Enterprise IT (noun): Awful quality product that would get zero traction without a massive con of ignorant boards and senior management.
It’s hard for boards to ignore major breaches if you’re a public company and its hard to win business if you’re known to be lax with security.
edit: On reflection I think you've got a meaning from what I said that isn't quite right. The cost of moving is one of the things that might make this market inefficient. Anything that is a barrier to entry, a barrier to switching provider contributes to market inefficiency. It's an economic term worth knowing as people bandy it about here a bit. Barriers to entry, imperfect information, market power of suppliers (here), nonzero selling costs, nonzero switching costs all contribute. The question in most markets is to what extent do they contribute? How inefficient is it? Here paying money for gross incompetence when you found that out you'd be pretty determined to dump the supplier because you've been conned, and conned badly. Now you are aware of being exposed to a large risk, ever increasing legally once you do nothing when you clearly know the risk exists. So it's a good measure of how efficient this market is because nobody of any competence or sanity wants to stay with this supplier anymore.
To move data from one to another requires three terms: you need to be moving at least as fast as the production rate, you need to be accelerating at least fast as the production rate is and then, on top of those, you need additional movement speed to be able to move the original accumulation.
For the market to be perfectly competitive in an economic sense, switching costs would have to be zero. Hence my original smartarsery.
I think it's more likely that they'll call their lawyers and haggle for a few bucks off the next renewal.
That's some kind of market inefficiency right there. How bad would this service have to be to dump the supplier? It's actually kind of hard to imagine this being worse, don't you think?
It's not my area but I'm pretty sure I can design a parallel solution to get away from the vampires relatively quickly. Start collecting current data somewhere else in parallel to the existing. Move all the existing data, take as as long as that takes. Switch of the tap to the legacy vampires when it's done and the new, up-to-date collection has full history. Pay to get it done. Sue your former suppliers for the entire cost on account of them being fundamentally incompetent and dishonest. Dare them to fight it. Tell them just how much you're looking forward to discovery which by necessity will not be confidential. "How famous do you want to be?" Give interviews about how you don't put up with this kind of standover nonsense. Seriously you can't have these idiots as suppliers. You really can't. We can't have them survive in the industry and simultaneously have self-respect, surely. Airlines with planes that crash that aren't their fault go broke. These guys surviving this, just no. They need to die and be condemned to the hell of writing blog posts on medium about what they learned from their total abject and utter failure. Attunity customers who stick with them should be sued for treating their own customers health, safety and wellbeing with contempt. No fortune 100 customer agreed to that risk. A few bucks off the renewal? Just no.
Sounds like a data breach, either on the server or in the ops code / config.
When will data ownership be a thing? No need for ANY company to store my data if I can have it one my phone, which is on 24/7 and connected.
*edit - I'm not trying to be smarmy - its a genuine question
One of Attunity's bigger sales deals is making their data migration tools free for a long period to help organizations migrate to cloud. This is essentially a list of "Hey, these other orgs might also be open to hacking as they haven't learned yet."