Unique An SSD disk lacking from a SAP datacenter in Walldorf has turned up on eBay, resulting in a safety investigation by the German software program vendor.
In response to sources near the incident, 4 SSD disks went lacking from SAP’s Walldorf datacenters in Baden-Württemberg, southwest Germany, in November final yr.
One of many disks later turned up on eBay and was purchased by an SAP worker. They had been capable of determine that it belonged to SAP. The disk contained private data of 100 or extra SAP workers.
A subsequent investigation discovered that the disks had been stolen, though human error and course of failure additionally contributed to their loss, The Register understands.
The investigation confirmed there have been no bodily checks on folks leaving the datacenter, which was described as a safe location. The disks had been moved to an unsecured constructing within the HQ advanced and from there they had been stolen. The whereabouts of the three remaining disks are unknown to SAP.
The Register understands it’s the fifth incident of disks going lacking from SAP’s European datacenters in two years.
In response to questions raised by The Register, a SAP spokesperson stated the disks contained no personally identifiable info (PII).
“SAP takes information safety very severely. Please perceive that whereas we do not touch upon inner investigations, we are able to verify we at the moment don’t have any proof suggesting that confidential buyer information or PII has been taken from the corporate by way of these disks or in any other case,” they stated.
The safety breach can be a humiliation to SAP as the corporate centered on enterprise useful resource planning (ERP) software program strives to extend its success in cloud computing and software program as a service, each by way of its personal cloud companies and companies hosted by third-party suppliers.
In 2019, Finnish information elimination specialist Blancco discovered that of a pattern of 159 random used drives on eBay within the US and Europe, 42 p.c (or 67 gadgets) enabled anybody with primary IT literacy to entry the information saved by their earlier homeowners. A whopping 15 p.c contained PII that could possibly be utilized by cybercriminals, the corporate stated. ®