EY Exposes 4TB of Client Data in Azure Cloud Blunder

A 4-terabyte SQL Server backup belonging to global accounting firm Ernst & Young was found publicly accessible on Microsoft Azure, exposing a staggering volume of client-related information. The discovery, made by cybersecurity company Neo Security during routine asset mapping, underscores how even major corporations like EY expose 4TB of client data through simple cloud misconfigurations.

The exposed .BAK file contained full database dumps, potentially including credentials, API keys, and sensitive documents. EY exposes 4TB of client data through what researchers linked to a 2020 European acquisition. Neo Security verified ownership with DNS records pointing to ey.com and halted further access after confirming the file’s format.

The firm contacted EY’s cybersecurity team after 15 attempts, finally receiving a prompt and professional response. The issue was resolved within a week. Analysts warn that rapid botnet scanning leaves no margin for error in cloud security.

Read the official report for more details:

EY Data Leak – Massive 4TB SQL Server Backup Exposed Publicly on Microsoft Azure