Cisco’s cloud management company Meraki has suffered a data breach caused by a staff error.
Meraki’s engineering team made a configuration change on August 3rd that applied a policy to the company’s North American object storage service. The erroneous policy caused particular types of data that had been uploaded before 11:20 am Pacific Time (PT) on August 3rd to be deleted.
The issue is limited to user-uploaded data and won’t affect network operations in the majority of cases, and Meraki has stopped the issue from continuing.
Engineers have been working over the weekend to work out what data can be recovered. They are also working on tools to help customers identify what they’ve lost. The engineering team recommends that customers wait until these tools have been built to save time in the identification process.
There will be an update by the end of the day on Monday 7th August, in which Cisco will tell customers what it plans to provide to help restore functionality.
Cisco has released details of the areas affected by the loss. It includes splash page themes, floor plans, logos, summary reports, and some phone-related data like voicemail greetings.
For businesses who have been affected, these are not necessarily sensitive or critical sets of data, but it will be an inconvenience and will be particularly galling as Meraki markets itself as a time saver.
The loss will also do no favours for Cisco’s reputation, particularly as there doesn’t seem to be any tools in place for protecting the lost data, and that engineers have had to work through the weekend to build new tools.
The company is unlikely to be happy about this, and has expressed its disappointment in a statement on the loss – ‘We are deeply regretful for this error and apologize for the inconvenience caused.’