Excerpt from SDxCentral Article, Published on October 30, 2025
Data security concerns are once again in the spotlight as global consulting giant Ernst & Young (EY) suffered a massive 4-terabyte (TB) data exposure following a cloud migration mishap. The incident underscores how even the most resourceful firms remain vulnerable to simple misconfigurations during digital transformation efforts.
The breach, discovered by researchers at Neo Security, involved an unprotected SQL Server backup file that was publicly accessible online. The exposed database reportedly contained service account passwords, user credentials, authentication tokens, and API keys, offering a potential goldmine for attackers.
According to Neo Security’s analysis, the issue stemmed from an engineer mistakenly setting a backup file to public during a one-time data migration from on-premises systems to the cloud. The firm explained that a single misclick or naming error in a storage bucket can instantly expose sensitive data — a risk amplified by today’s automated scanning infrastructure that detects such misconfigurations within minutes.
EY confirmed the exposure but clarified that it was limited to an entity acquired by EY Italy, not linked to the firm’s global systems. “No client information, personal data, or confidential EY data has been impacted,” the company said in a statement to SDxCentral.
Cybersecurity experts note that the case highlights a persistent challenge: human error in cloud configuration remains one of the most common causes of large-scale data leaks, even among top-tier enterprises striving for digital resilience.
To delve deeper into this topic, visit SDxCentral.
