InfoSecBulletin Cybersecurity for mankind
Amazon Web Services (AWS) has been named in an FIR after a builder claimed damages to the tune of Rs 150 crore over the loss of data stored with the cloud-service platform.
The FIR was filed by the CCB’s Cyber Crime Police Station on February 11 following a complaint by Sridhar Rajendran from M/s Adarsh Developers.
OWASP AI Testing Guide Launched to Uncover Vulns in AI Systems
Axentec Launches Bangladesh’s First Locally Hosted Tier-4 Cloud Platform
Hackers Bypass Gmail MFA With App-Specific Password Reuse
Russia detects first SuperCard malware attacks via NFC
Income Property Investments exposes 170,000+ Individuals record
ALERT (CVE: 2023-28771)
Zyxel Firewalls Under Attack via CVE-2023-28771 by 244 IPs
CISA Flags Active Exploits in Apple iOS and TP-Link Routers
10K Records Allegedly from Mac Cloud Provider’s Customers Leaked Online
Canada 2nd largest airlines “WestJet” investigates cyberattack disrupting internal systems
Paraguay 7.4 Million Citizen Records Leaked on Dark Web
According to Rajendran’s complaint, a copy of which was reviewed by DH, the firm has been developing residential, commercial and hospitality projects across Bengaluru for 36 years.
Rajendran said they used “SAP ERP stored with Amazon Cloud Services” to store their financial data as well as the customers’ personal data.
“In May 2023, Saidalawi Safan, a business development representative from AWS, contacted the firm and insisted on using their cloud storage servers to ensure retrieval of data even in the events of cyber terrorism or act of sabotage or other events like lightning, earthquake, cyclone, flood, storms, etc,” Rajendran said as per the FIR.
“Believing such assurance, in December 2023, the company procured cloud storage facilities with AWS through SAP implementation partner M/S SAVIC Technologies Pvt Ltd, Mumbai. The work order was issued to them to shift the company’s data from the earlier cloud storage facility to the AWS and also to maintain the data securely for three years until November 2027. The payment was agreed for Rs 88,59,924, including GST, Rajendran added.
On January 9, the implementation partner allegedly informed the builder that “due to the actions of a few individuals at Redington and AWS teams, there has been a data loss”.
“(We were) further told that employees at Redington Group have entered into our storage area at the root level and deleted our account completely. This event has resulted in the loss of over six years of business data causing substantial financial and operational loss to the company.
“The deletion of SAP S/4HANA (a business suite used to manage data) has brought the business functions/operations to a complete halt and the vital financial records, supply chain data, customer information, and operational insights accumulated over years are now inaccessible,” as per the complaint.
The value of the data loss is around Rs 150 crore, Rajendran claimed, as the company was unable to collect payments from customers, unable to pay statutory taxes and complete interest payments to lenders, “which caused approximately a loss of Rs 5 crore per day from January 9”.
“AWS India replied, stating that despite their best efforts, they are unable to retrieve the data and restore it. Hence, take necessary legal action against the culprits,” Rajendran told the police.
Apart from AWS, the FIR, filed under the Bharatiya Nyaya Sanhita (BNS) and Information Technology Act, named Redington Group. A probe has been initiated, confirmed senior officers refusing to comment further.
In an email response to DH, a spokesperson for AWS termed the claims as false.
“AWS operated as designed and is not responsible for the deletion of Adarsh Developers’ data,” the spokesperson said.
Source: DH, The420.in
“The claims against AWS in a recent news report are false. AWS operated as designed and is not responsible for the deletion of Adarsh Developers’ data.” – AWS spokesperson told infosecbulletin through mail.
