Comprehensive data protection for all workloads
Post Reply
omegagx
Enthusiast
Posts: 68
Liked: 4 times
Joined: May 09, 2017 6:33 pm
Full Name: Mike G
Contact:

Veeam lost our customer records?

Post by omegagx » 1 person likes this post

How do I check if our records were included in this misconfigured DB that was open to the whole world? https://www.theinquirer.net/inquirer/ne ... aws-server
Marten_med_e
Enthusiast
Posts: 47
Liked: 4 times
Joined: Sep 26, 2013 9:31 am
Full Name: Mårten Edelbrink
Contact:

Re: Veeam lost our customer records?

Post by Marten_med_e »

omegagx
Enthusiast
Posts: 68
Liked: 4 times
Joined: May 09, 2017 6:33 pm
Full Name: Mike G
Contact:

Re: Veeam lost our customer records?

Post by omegagx »

Yeah, looks like it remained unsecured for 4 days after it was reported to Veeam. :-( :-( :-(
Gostev
Chief Product Officer
Posts: 31459
Liked: 6648 times
Joined: Jan 01, 2006 1:01 am
Location: Baar, Switzerland
Contact:

Re: Veeam lost our customer records?

Post by Gostev »

All - since the affected system does not belong to Veeam R&D, I cannot provide the detailed insight on this event. Nevertheless, I do very much apologize for this incident.

What I do know based on the internal communication is that this was a single marketing automation database that does NOT contain actual customer records (those are kept elsewhere). Only non-sensitive marketing information such as name, email address, and in some cases IP address and device ID. This database was possibly visible to outside third parties for a period of time, but it was never easily accessible - and based on the logs, we know the entire database was not compromised. We are in the process of notifying all of our customers and partners of the incident, regardless of if they may or may not be affected.

I will keep you posted if anything else material comes up on this topic.
Gostev
Chief Product Officer
Posts: 31459
Liked: 6648 times
Joined: Jan 01, 2006 1:01 am
Location: Baar, Switzerland
Contact:

Re: Veeam lost our customer records?

Post by Gostev »

Here's the official word from our president > https://www.veeam.com/executive-blog/ve ... olved.html
Gostev
Chief Product Officer
Posts: 31459
Liked: 6648 times
Joined: Jan 01, 2006 1:01 am
Location: Baar, Switzerland
Contact:

Re: Veeam lost our customer records?

Post by Gostev »

More comments from our president in this interview > https://www.theregister.co.uk/2018/09/1 ... follow_up/
dwrandolph
Novice
Posts: 7
Liked: 2 times
Joined: Dec 12, 2012 12:19 am
Full Name: Donald Randolph
Contact:

Re: Veeam lost our customer records?

Post by dwrandolph » 1 person likes this post

Sorry, but "name, email address, and in some cases IP address and device ID" does not count as "non-sensitive"! that is a lot of meta-data to tie other breaches together with.
Gostev
Chief Product Officer
Posts: 31459
Liked: 6648 times
Joined: Jan 01, 2006 1:01 am
Location: Baar, Switzerland
Contact:

Re: Veeam lost our customer records?

Post by Gostev » 1 person likes this post

I am not an expert in this to argue. However, this specific snippet you're quoting was provided to me by our lawyers. So I assume there are actual legal definitions of what is considered sensitive vs. non-sensitive data that they relied upon, and these definitions may not match your or mine perception.
dwrandolph
Novice
Posts: 7
Liked: 2 times
Joined: Dec 12, 2012 12:19 am
Full Name: Donald Randolph
Contact:

Re: Veeam lost our customer records?

Post by dwrandolph »

Oh, the lawyers are involved, with their carefully chosen and limited definitions of terminology. Everything must be all right then. </sarcasm>
bdufour
Expert
Posts: 206
Liked: 41 times
Joined: Nov 01, 2017 8:52 pm
Full Name: blake dufour
Contact:

Re: Veeam lost our customer records?

Post by bdufour » 1 person likes this post

thank you gostev for that clarification, as that was my assumption. it's not a shocker that lawyers would be involved in such matters. im not sure what else this guy wants out of this thread. i hope we can get past the mockery and sarcasm - as this is a technical forum.
Gostev
Chief Product Officer
Posts: 31459
Liked: 6648 times
Joined: Jan 01, 2006 1:01 am
Location: Baar, Switzerland
Contact:

Re: Veeam lost our customer records?

Post by Gostev » 1 person likes this post

Thanks for understanding, Blake. I almost wish now this had something to deal with our R&D organization... because there's nothing worse for me than taking heat for something that happened in a different part of the organization, and not being able to respond in a meaningful way due to not being in the loop :D
Post Reply

Who is online

Users browsing this forum: Bing [Bot] and 223 guests