Recently, we were alerted to a misconfiguration in one of our sparingly used Amazon S3 buckets that inadvertently became publicly accessible. This bucket contained limited records related to our SVD service.
Upon being notified, we acted immediately to shut down public access to the bucket and verified that the access settings were corrected. Our engineering and security teams conducted a thorough review of access logs, and we found no evidence of any unauthorized access or mass data downloads.
We take data security and privacy very seriously. While the matter has been resolved and there was no indication of misuse, we are implementing additional controls and audits to ensure this does not happen again. In keeping with standards based on our security and privacy certifications (ISO 27001, ISO 27701, SOC 2 Type II), we will be re-testing and running a VAPT on all relevant systems again.
Thank you for your continued trust.
