Microsoft storage error affects Czech organizations and ministries

According to anti-virus companies SOCRader and Xevos, the data leak affected 65,000 companies worldwide. Staff

Written by Staff Published on 26.10.2022 10:51:00 (updated on 26.10.2022) Reading time: 2 minutes

The Ministry of the Interior, the Ministry of Finance, health insurance company VZP, telecommunications company T-Mobile and the Česká spořitelna bank faced the threat of being 65,000 worldwide companies and institutions affected by a data breach, ČTK reports.

However, Česká spořitelna and T-Mobile said that they were not affected by the data leak, whereas the Ministry of Finance said the data were "not sensitive and are invalid already," according to ČTK.

A statement from Microsoft said that the company became aware of the breach on Sep. 24, after security researchers at SOCRadar informed it of "a misconfigured Microsoft endpoint." This "resulted in the potential for unauthenticated access to some business transaction data corresponding to interactions between Microsoft and prospective customers."

The company added that it had secured the comprised endpoint, which is “now only accessible with required authentication,” and that an investigation “found no indication customer accounts or systems were compromised.”

The leaked data is likely to include login data, user information, orders of products and trade offers, and information on intellectual property.

IT head of Creative Dock, Marek Krejza, said that stealing and trading the stolen data are some of the most frequent and profitable cybercrimes. "The popularity of this type of crime warns of the low level of security some quite big and important firms have," Krejza told ČTK.

Mailkit director Jakub Olexa said that data security is a "very underestimated problem, especially in the sphere of cloud services."

"Their clients tend to believe blindly that the providers such as Amazon, Google and Microsoft are absolutely safe, but the reverse is true. Cloud services are also administered by people and errors do happen, with the difference that in such a case the damage is much bigger." 

Jakub Olexa, Mailkit director

According to IBM's Cost of a Data Breach Report, which is based on insights from 550 real breaches in 2022, stolen or compromised credentials were responsible for 19 percent of breaches, while phishing was responsible for 16 percent of breaches, followed by cloud misconfiguration, which accounted for 15 percent of breaches.

Officials in Prague were the target of a "massive" data breach last year, Euronews reports. At that time, Prague mayor Zdeněk Hřib tweeted that the servers had "survived" and there was little damage. "Thanks to the storage of multiple copies of data at once, we did not damage the data," Hřib added.

The Czech Republic National Cyber and Information Agency (NUKIB), which investigated the data breach, said they had previously identified "serious vulnerabilities" affecting Microsoft Exchange Server that allowed remote access to email accounts.

Would you like us to write about your business? Find out more