Google Cloud misconfiguration deletes pension account data for over 500,000 people, backups for other regions also disappear, and data is restored from backups of other services



In May 2024, an issue occurred at the Australian pension fund UniSuper that prevented members from accessing their accounts. It took a week to restore the system, but UniSuper released a joint statement with Google Cloud, revealing that the issue was caused by a configuration error by Google Cloud, not a cyber attack.

A joint statement from UniSuper and Google Cloud | UniSuper
https://www.unisuper.com.au/about-us/media-centre/2024/a-joint-statement-from-unisuper-and-google-cloud



Google Cloud accidentally deletes UniSuper's online account due to 'unprecedented misconfiguration' | Superannuation | The Guardian
https://www.theguardian.com/australia-news/article/2024/may/09/unisuper-google-cloud-issue-account-access

UniSuper is one of Australia's largest superannuation funds, with over 615,000 members and $124 billion in assets under management.

According to the announcement, when Google Cloud was provisioning UniSuper's private cloud service, it accidentally made a configuration error, which ultimately led to the deletion of UniSuper's subscription.

Google Cloud CEO Thomas Kurian described the incident as a 'unique event' that has never happened before among Google Cloud's global clients.

The reason the outage lasted a week was simply because it took so long to fix.

In fact, UniSuper had set up a duplicate server in another region to continue normal operations even if a server in one region of Google Cloud went down in case of a problem like this. However, this time, the content was deleted in both regions when the subscription was deleted.

'The UniSuper and Google Cloud teams demonstrated incredible focus, effort and collaboration to ensure the massive recovery of the private cloud, including hundreds of virtual machines, databases and applications,' the statement said.

UniSuper also had backups in place with another service provider, which helped minimize data loss.

in Note, Posted by logc_nt