InfoSecBulletin Cybersecurity for mankind
Amazon Web Services (AWS) has been named in an FIR after a builder claimed damages to the tune of Rs 150 crore over the loss of data stored with the cloud-service platform.
The FIR was filed by the CCB’s Cyber Crime Police Station on February 11 following a complaint by Sridhar Rajendran from M/s Adarsh Developers.
AWS Key Hunter
Test this free automated tool to hunt for exposed AWS secrets
Check Point Flaw Used to Deploy ShadowPad and Ransomware
CVE-2024-12284
Citrix Issues Security Update for NetScaler Console
CISA and FBI ALERT
Ghost ransomware to breach organizations in 70 countries
Hacker chains multiple vulns to attack Palo Alto Firewall
150 Gov.t Portal affected
Black-Hat SEO Poisoning Indian “.gov.in, .ac.in” domain
CVE-2018-19410 Exposes 600 PRTG Instances in Bangladesh
Builder claims Rs 150 cr for data loss; AWS faces FIR In Bengaluru
CISA Warns Active Exploitation of Apple iOS Security Flaw
Massive IoT Data Breach Exposes 2.7 Billion Records
According to Rajendran’s complaint, a copy of which was reviewed by DH, the firm has been developing residential, commercial and hospitality projects across Bengaluru for 36 years.
Rajendran said they used “SAP ERP stored with Amazon Cloud Services” to store their financial data as well as the customers’ personal data.
“In May 2023, Saidalawi Safan, a business development representative from AWS, contacted the firm and insisted on using their cloud storage servers to ensure retrieval of data even in the events of cyber terrorism or act of sabotage or other events like lightning, earthquake, cyclone, flood, storms, etc,” Rajendran said as per the FIR.
“Believing such assurance, in December 2023, the company procured cloud storage facilities with AWS through SAP implementation partner M/S SAVIC Technologies Pvt Ltd, Mumbai. The work order was issued to them to shift the company’s data from the earlier cloud storage facility to the AWS and also to maintain the data securely for three years until November 2027. The payment was agreed for Rs 88,59,924, including GST, Rajendran added.
On January 9, the implementation partner allegedly informed the builder that “due to the actions of a few individuals at Redington and AWS teams, there has been a data loss”.
“(We were) further told that employees at Redington Group have entered into our storage area at the root level and deleted our account completely. This event has resulted in the loss of over six years of business data causing substantial financial and operational loss to the company.
“The deletion of SAP S/4HANA (a business suite used to manage data) has brought the business functions/operations to a complete halt and the vital financial records, supply chain data, customer information, and operational insights accumulated over years are now inaccessible,” as per the complaint.
The value of the data loss is around Rs 150 crore, Rajendran claimed, as the company was unable to collect payments from customers, unable to pay statutory taxes and complete interest payments to lenders, “which caused approximately a loss of Rs 5 crore per day from January 9”.
“AWS India replied, stating that despite their best efforts, they are unable to retrieve the data and restore it. Hence, take necessary legal action against the culprits,” Rajendran told the police.
Apart from AWS, the FIR, filed under the Bharatiya Nyaya Sanhita (BNS) and Information Technology Act, named Redington Group. A probe has been initiated, confirmed senior officers refusing to comment further.
In an email response to DH, a spokesperson for AWS termed the claims as false.
“AWS operated as designed and is not responsible for the deletion of Adarsh Developers’ data,” the spokesperson said.
Source: DH, The420.in
“The claims against AWS in a recent news report are false. AWS operated as designed and is not responsible for the deletion of Adarsh Developers’ data.” – AWS spokesperson told infosecbulletin through mail.
