An SSD drive that was reported stolen from a SAP datacenter in Walldorf has been discovered on eBay, which has prompted the German software manufacturer to launch a security inquiry. According to people with direct knowledge of the situation, four solid-state drives (SSDs) vanished from SAP’s datacenters in Walldorf, which are located in Baden-Wurttemberg, in the southwest of Germany, in November of last year. As SAP, a business that specializes in enterprise resource planning (ERP) software, works to improve its success in cloud computing and software as a service, both via its own cloud services and those hosted by third-party providers, the security breach will be an embarrassment for the corporation.
After some time had passed, one of the disks was located on eBay and purchased by a worker at SAP. They were successful in establishing that it was a SAP product. The hard drive contains the personal information of at least one hundred different SAP employees. The Register learned that while human error and procedure failure also played a role in the disks’ disappearance, a later examination revealed that they had been stolen.
According to the findings of the study, there were no physical checks conducted on individuals before they were allowed to leave the datacenter, which was advertised as a secure site. After being transported to an unsafe facility inside the headquarters complex, the disks were later taken from that location. SAP is unable to provide any information on the location of the three disks that are still missing.
According to understanding, this is the seventh occurrence in the last two years in which disks have gone missing from SAP’s European datacenters.
In answer to concerns that were posed by The Register, a spokeswoman for SAP said that the disks had not yet been found to contain any personally identifiable information (PII). “SAP places a high priority on the protection of customer data. “We can confirm that we currently have no evidence suggesting that confidential customer data or PII has been taken from the company via these disks or in any other way,” they stated. “Please understand that while we don’t comment on internal investigations, we can confirm that we currently have no evidence suggesting that confidential customer data or PII has been taken.”
Information security specialist, currently working as risk infrastructure specialist & investigator.
15 years of experience in risk and control process, security audit support, business continuity design and support, workgroup management and information security standards.