FILE PHOTO: On February 11, Bengaluru-based Adarsh Developers filed a complaint against AWS, claiming that years’ worth of data was lost.
| Photo Credit: Reuters
The story so far: On February 11, Bengaluru-based Adarsh Developers filed a complaint against Amazon Web Services (AWS), claiming that years’ worth of company and customer data hosted on AWS was lost, resulting in a financial loss of well beyond ₹100 crores.
The loss of data and Adarsh Developers’ decision to take legal action against the tech giant in India has raised questions about security in enterprise-grade cloud storage, the importance of multiple versions of backed-up data, and the legality of such cases.
What exactly happened between the two companies?
In its FIR filed on February 11, Adarsh Developers said that it was using SAP ERP hosted on Amazon cloud to secure the company’s financial data and customers’ personal data.
The real estate firm alleged that in May 2023, AWS’s business development representative Saidalawi Safan advised the company to opt for an upgraded service to secure their data, so as to ward off cyberterrorism or sabotage. They complied. But on January 9, 2025 at 10.48 AM., the company said, the data environment – the entire SAP S/4HANA environment, to be specific – hosted on AWS was completely deleted.
After making inquiries through its partner SAVIC Technologies Pvt. Ltd., Adarsh Developers said that the data loss was a result of the action taken by individuals at Redington, a vendor, and AWS. The participants’ exact actions and the specific allegations against them are not known.
The real estate company further claimed that years’ worth of vital financial records, supply chain data, customer information, and operational insights had become inaccessible. The loss of the data brought its business functions and operations to a complete halt, Adarsh Developers said in their complaint.
The company estimated that the value of the data it lost to around ₹150 crores as of January 31, with approximate losses of ₹5 crores per day starting from January 9.
Adarsh Developers also said that it was unable to collect customer payments, pay statutory taxes, and facilitate interest payments to lenders.
The cybercrime police has registered a case against AWS and others, under the IT Act, Section 318(4) (cheating and fraud), and Section 319(2) (impersonation) of the Bharatiya Nyaya Sanhita.
How might the data have gone missing?
There is a general tendency to think data loss is a result of actions performed by malicious agents, such as hackers or even disgruntled employees. However, there can be a number of reasons behind data loss, especially when teams of vendors, technical partners, clients, service-providers, and consultants work together to keep a company’s complex systems up and running in a secure environment.
One possibility is cloud misconfiguration, which stems from poorly implemented cloud storage settings, bad system architecture, low-quality security infrastructure, unsecured databases, or unmanaged access. Human error is also a common cause for large-scale outages and data loss incidents.
In the FIR, Adarsh Developers cited SAVIC’s claims that some individuals in the Redington and AWS teams were responsible for the data loss, and that, “. . .employees at Redington Group have entered into our storage area at root level and deleted our account completely.”
But It is not possible to pinpoint the exact cause of the data loss and those behind it until a comprehensive forensic investigation is carried out and the results backed up by evidence. For this to happen though, Adarsh Developers, Redington, SAVIC, and AWS will all have to present their claims and technical data to make sure they are in the clear.
What was Amazon’s response
Adarsh Developers claimed that AWS India responded by saying that they could not retrieve the data or restore it, forcing the real estate company to take legal action.
Amazon, however, has refused to accept Adarsh Developers’ allegations.
“The claims against AWS are false. AWS operated as designed and is not responsible for the deletion of Adarsh Developers’ data,” said an AWS spokesperson in response to The Hindu.
The cybercrime investigation is ongoing.
Have similar incidents taken place before?
While the root cause of Adarsh Developers’ data loss incident is not yet clear, some similar incidents involving data loss through cloud services have been recorded in the past.
For example, The Register outlet reported that the Microsoft Azure outage of January 29, 2019 affected Azure SQL databases and also led to some data loss within a certain time window. To compensate users, the company waived a few Azure usage charges for 2-3 months, depending on how the databases were affected, per The Register.
Even before this, code-hosting platform Code Spaces had to shut down after its servers were hit by a DDoS attack and its Amazon Web Service account [Amazon Elastic Compute Cloud (EC2)] was breached by a hacker. Most of the platform’s data and its backups (including offsite backups) were deleted, said Code Spaces.
Published – February 22, 2025 10:20 am IST