Assess the Risk of Browser Extensions Installed in Your Browser. Add to Chrome.×
Home » Spin.AI Blog » SaaS Backup and Recovery » Google Cloud Data Loss: UniSuper Incident Reveals the Need of Cloud Backup and Disaster recovery Planning
June 6, 2024 | Reading time 7 minutes

Google Cloud Data Loss: UniSuper Incident Reveals the Need of Cloud Backup and Disaster recovery Planning

Author:
Avatar photo

Vice President of Product

Why Cloud Backups are Needed

More and more businesses, from small to large, are relying on hyperscale cloud storage to store their business-critical data. Google Workspace is one of the leading SaaS offerings in the public cloud space. It is known for its modern features and capabilities, including its cloud storage. However, a recent headline gives pause to the notion that cloud data can’t be lost. It saw a major consumer of Google Cloud storage lose a large chunk of valuable data and experience service disruption.

UniSuper Incident: A Costly Mistake

A Google Cloud mishap led to the complete deletion of the account of UniSuper, a $135 billion Australian pension fund. UniSuper provides services similar to a 401k, which Australian organizations pay into the fund. The outage caused by this incident lasted nearly two weeks, beginning on May 2 and ending on May 15. 

Close up of delete button

What services were affected?

It affected numerous services for the fund’s 615,000 members, including being able to log into their accounts on mobile or desktop devices. Also, transactions were not able to be processed during the outage.

Not only did Google delete the entire production data store for the consumer, but it also deleted Unisuper’s account backups. Unisuper designed its Google infrastructure with best practices in mind, such as having two separate geographic locations in case of a disaster. Unfortunately, the deletion of Unisuper’s data was not limited to a single region. Data was deleted across both regions.

Fortunately for UniSuper, they also had another third-party backup solution they had chosen to back up their cloud data. The unintentional data deletion and outage highlight the vulnerabilities of housing critical data in the cloud without proper data protection. 

How did the accidental deletion happen?

The incident began when a routine Google Cloud maintenance operation had issues. Google’s cloud services operate on a myriad of automated processes, which are typically reliable. However, during a scheduled update, a bug in the system’s code triggered the automated deletion tasks to target live data rather than temporary or obsolete data, including the pension fund account.

Close up of a tablet with google logo

UniSuper CEO and Google Cloud CEO posted a joint statement on what happened and what steps were taken to resolve the issue. You can read that statement here: A joint statement from UniSuper and Google Cloud | UniSuper

The Domino Effect

Once the deletion process started, fail-safes that should have prevented a mass deletion of data did not activate as expected. The deletion continued unchecked. While engineers worked to stop the data deletion from progressing, it was complicated by the scale and speed of the deletion process. The affected data included crucial records for the $135 billion pension fund and data from various other accounts caught in the crossfire.

Immediate Response

Google immediately responded by trying to restore the deleted data from backups. However, recovering the data was not straightforward and may have been slowed due to even the backups being affected. Due to the size of the data and how it was deleted, recovery efforts were complicated. The entire process of recovering the critical data took nearly two weeks. During this time, affected users were without access to their critical data.

Why Cloud Backups are Essential

The recent cloud data loss event involving UniSuper is a sobering reminder of why cloud backups are vital for organizations storing their critical data in the cloud. Relying solely on a single cloud service provider for data storage is a risk that can lead to disastrous consequences. Unexpected outages or massive failure events can lead to data loss events. 

The shared responsibility models of cloud providers place the burden of responsibility for the actual data on the customer. It means that organizations are solely responsible for making sure their data is protected in case data recovery is needed. 

Read Google’s shared responsibility and shared fate documentation here: Shared responsibilities and shared fate on Google Cloud.

SpinBackup: A Robust Solution to back up your cloud data

SpinBackup is a powerful third-party cloud-to-cloud backup tool designed to provide additional security for your cloud data. SpinBackup offers several key features that make it a top-notch data protection tool for organizations using SaaS environments:

  • Automated Daily Backups – SpinBackup automates the backup process. It eliminates manual processes and makes sure your data is continuously protected. Daily backups mean your data is never over 24 hours out of date, minimizing the risk of significant data loss.
  • Store backups in different cloud storage – Spinbackup is a unique solution among competitors. It allows organizations to choose which cloud provider is used for backup storage and the region. This configuration enables organizations to select a completely different cloud provider for backups instead of production storage. It helps eliminate the chance of a single cloud failure, taking down production and backup data access.
  • Ransomware Protection – One of the standout features of SpinBackup is its ransomware protection. In a ransomware attack, SpinBackup can quickly restore your data to the state before the attack, ensuring business continuity and minimizing downtime. This process can be automated if admins choose, allowing Spinbackup to identify and restore affected data without admin intervention.
  • Data Loss Prevention – SpinBackup works in conjunction with other features of SpinOne and adds advanced data loss prevention features. It monitors your cloud environment for suspicious activity, alerting you to potential threats and enabling you to protect your data proactively.
  • Compliance and Security – SpinBackup helps businesses meet compliance objectives by providing secure and reliable backup solutions. It aligns with secure security protocols and helps organizations have peace of mind that data is protected to the highest standards.

With Spinbackup, organizations can download affected data or restore data back to the originating cloud storage environment.

Wrapping up

The recent accidental deletion of UniSuper’s critical data from Google Cloud highlights the importance of cloud backups in protecting critical infrastructure and data in the cloud. Even having backups and replicas spread across multiple regions did not protect the data from deletion. 

Also, backups contained in Google Cloud infrastructure were deleted along with production data. Only the third-party cloud backups were able to recover lost data.

Even the systems of state-of-the-art hyperscale cloud providers are not foolproof, as shown in this latest Google Cloud data deletion debacle. To prevent catastrophic data loss, cloud backups are absolutely essential. SpinBackup provides modern cloud backups that protect against threats like ransomware. It helps businesses effectively backup and recover data in the face of unforeseen events. For organizations looking to safeguard their data housed in cloud service providers like Google. Using Spinbackup, businesses effectively backup and recover data in the face of unforeseen events.
To learn more, request a demo of SpinBackup or start a free 15-day trial.

Was this helpful?

Thanks for your feedback!
Avatar photo

Written by

Vice President of Product at Spin.AI

Davit Asatryan is the Vice President of Product at Spin.AI

He is responsible for executing product strategy by overseeing the entire product lifecycle, with a focus on developing cutting-edge solutions to address the evolving landscape of cybersecurity threats.

He has been with the company for over 5 years and specializes in SaaS Security, helping organizations battle Shadow IT, ransomware, and data leak issues.

Prior to joining Spin.AI, Davit gained experience by working in fintech startups and also received his Bachelor’s degree from UC Berkeley. In his spare time, Davit enjoys traveling, playing soccer and tennis with his friends, and watching sports of any kind.


Featured Work:
Webinar:

How Can You Maximize SaaS Security Benefits?

Let's get started with a live demo

Latest blog posts

Midnight Blizzard Attack on Microsoft: Key Lessons for Strengthenin...

Midnight Blizzard Attack on Microsoft: Key Lessons for Strengthening Your SaaS Security From November 2023...

Avatar photo

Product Manager

Read more
SaaS backup and application governance

Why a Reliable Backup Plan is Your Best Defense Against Cybersecuri...

…and the Most Boring Way to Protect Your Organization I’ve written about the importance of...

Avatar photo

Google Workspace Ambassador

Read more

Why Google Drive Backups Are Important

Google Drive offers customers a unique blend of robust security features to keep their data...

Courtney Ostermann - Chief Marketing Officer Spin.AI

Chief Marketing Officer

Read more