When it comes to digital data, security challenges can emerge even for the most vigilant organizations. On August 29th, an incident unfolded in our infrastructure involving a compromised log server. In this blog post, we aim to openly share the details of this occurrence and our response.
Compromised Log Server Isolated to One Region and One Log Service
The situation arose on August 29th when our Elasticsearch log cluster, serving a specific region and log service, experienced unauthorized access due to an accidental assignment of a public IP address. Importantly, this exposure was confined solely to this one region and one particular log service within our multi-regional infrastructure. We maintain six distinct regions, and it’s worth noting that this incident did not impact the other five regions, where traffic levels are consistently higher than in the affected region.
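The root cause above was a log cluster reachable on a public IP. The following is an added example, not CrelioHealth's code, of a check a defender can run against the output of Elasticsearch's `GET _nodes/http` API to flag nodes that bind or publish on a public or wildcard address; the sample response below is constructed (with a documentation-range address standing in for a public one), and the private-range list is an assumption about what counts as internal.

```python
"""Flag Elasticsearch nodes whose HTTP bind/publish address is reachable
from outside private address space (the misconfiguration described above)."""
import ipaddress
import json

# Constructed sample modelled on the shape of GET _nodes/http
# (assumption: real responses carry the same keys). 203.0.113.7 is a
# documentation address used here to stand in for a public IP.
SAMPLE_NODES_HTTP = json.dumps({
    "nodes": {
        "n1": {"name": "log-es-1", "http": {
            "bound_address": ["10.20.0.11:9200"],
            "publish_address": "10.20.0.11:9200"}},
        "n2": {"name": "log-es-2", "http": {
            "bound_address": ["[::]:9200"],
            "publish_address": "203.0.113.7:9200"}},
    }
})

# Ranges treated as internal-only (assumption: RFC 1918, loopback,
# link-local and IPv6 ULA); anything else is considered exposed.
PRIVATE_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8",
    "169.254.0.0/16", "fc00::/7", "::1/128", "fe80::/10")]


def host_of(addr: str) -> str:
    """Strip the port from 'host:port' or '[v6]:port'."""
    host, _, _port = addr.rpartition(":")
    return host.strip("[]")


def is_public(host: str) -> bool:
    """True for a wildcard bind (0.0.0.0 / ::) or any non-private IP."""
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        return False  # hostname, cannot classify without resolving
    if ip.is_unspecified:
        return True  # listens on every interface, public ones included
    return not any(ip in net for net in PRIVATE_NETS)


def exposed_nodes(nodes_http_json: str) -> list:
    """Return (node name, address) for each node exposed beyond private space."""
    findings = []
    for node in json.loads(nodes_http_json)["nodes"].values():
        http = node.get("http", {})
        addrs = list(http.get("bound_address", []))
        if "publish_address" in http:
            addrs.append(http["publish_address"])
        findings += [(node["name"], a) for a in addrs if is_public(host_of(a))]
    return findings


if __name__ == "__main__":
    for name, addr in exposed_nodes(SAMPLE_NODES_HTTP):
        print(f"EXPOSED: {name} listens on {addr}")
```

Run against a real cluster by feeding it the JSON body of `GET _nodes/http`; any finding should be treated as a public exposure to remediate, regardless of whether authentication is enabled.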
Nature of the Compromise
It’s essential to clarify that only log data from this single region and log service was affected by this compromise. Fortunately, our regular data management procedures include the rotation of log data every two days, which limits the amount of data exposed. Nevertheless, we discovered that some of this log data contained Personally Identifiable Information (PII), which heightened our concern.
Minimal Impact on Transactions
We are relieved to report that, despite the situation, our transactional data remained entirely unaffected and secure. This means that customer transactions and sensitive financial and medical information remained completely insulated from this incident.
Prompt Notification and Collaboration
Upon detecting the issue on August 29th, we took swift and decisive action. Identifying the single affected customer, we promptly notified them. Additionally, we initiated a close collaboration with the customer’s network audit team, ensuring a comprehensive investigation of the situation.
Internal Process Enhancements
We take data privacy and security seriously, and this incident serves as an invaluable learning experience. As a result, we have taken steps to enhance the rigor of our internal processes and improve our ability to detect and prevent such situations in the future. We aim to ensure that log server incidents like these can be averted at the earliest possible stage.
Exploring External Audit Opportunities
In tandem with our internal improvements, we have actively planned to conduct an external audit. Such an audit would help us identify any potential gaps in our security measures that may have gone unnoticed. Our unwavering commitment to data security drives us to continuously seek ways to enhance our processes.
Data Privacy Remains Our Foremost Priority
At our core, CrelioHealth prioritizes the security and privacy of the data entrusted to us. This incident has reinforced our dedication to safeguarding data and reminds us of the ever-evolving nature of security challenges. We want our customers to be confident that we are resolute in our commitment and that, by addressing the log server problems, we have ensured their data remains secure. To uphold this promise, we will continue to invest in both internal and external measures.