A financial services company’s DevOps team was using AWS databases and S3 buckets for development, handling sensitive customer data, including account information for direct debit. While the app encrypted data both in transit and at rest, there was a significant oversight: developers were writing extensive logs into the app for debugging purposes. These logs, which sometimes remained on servers for months, contained unencrypted customer data and were often downloaded into less secure development environments.
Worse, the logs were shared among developers via personal cloud platforms and USB drives, further exposing customer information. A routine cybersecurity assessment led to the discovery of this issue.
The firm hired a cybersecurity professional who used GuardWare ASSESSOR to scan their environment. The scan revealed stored customer data in log files on developers’ devices and in their AWS environment, as well as the unsafe sharing practices. This triggered a serious internal investigation, resulting in the implementation of strict oversight processes to prevent such risks in the future. The company now uses GuardWare INSIGHT to enforce data protection policies, ensuring developers no longer inadvertently misuse customer data.