Exclusive The personal chat histories of 145,000 Microsoft Teams users at KPMG were inadvertently and permanently deleted last week, thanks to an IT blunder.
That’s according to an internal email by Global CIO John Applegate, seen by The Register today, to other IT leaders within the organization on Friday.
Evidently, the accountancy giant’s Global Technology & Knowledge (GT&K) group attempted to remove a single user’s account from an active retention policy on Saturday, August 15. But the operation didn’t go as planned.
This error resulted in the deletion of chat history from end users throughout KPMG
“In the execution of this change, a human error was made and the policy was applied to the entire KPMG Teams deployment instead of the specific account,” said the internal memo. “This error resulted in the deletion of chat history from end users throughout KPMG.”
Two KPMG spokespeople reached by phone said they were unaware of the message, though promised to make inquiries to colleagues to confirm its authenticity. They later declined to comment.
The incident’s impact, the message said, varies across the company’s network, affecting some groups more than others. Though the applicable retention policy has since been reverted, the effects of the chat deletion may persist through Monday, August 24.
That may be to be something of an understatement since the chat discussions at issue are said to have vanished forever. “Microsoft has confirmed the Teams chat data is not recoverable,” the message explains.
Only personal chats were lost, it’s claimed, not chats conducted as part of a Teams meeting or Teams channel, and not any files uploaded to personal chat threads.
Putting the d’oh! in Adobe: ‘Years of photos’ permanently wiped from iPhones, iPads by bad Lightroom app update
Microsoft, supposedly, put the number of affected accounts at 145,000 and is expected to provide an update on Monday. We asked Microsoft to comment on the situation and we’ve not heard back.
“It is highly likely that all countries have a number of users that will experience loss of ‘chat’ data and member firms are advised to set users’ expectations accordingly,” the message says.
While GT&K is dealing with the incident, changes to KPMG’s Teams environments are said to have been put on hold and service requests can be expected to receive greater scrutiny, including a product management review and a “four-eyed” check process – approval will require two people instead of just one.
The IT group is also said to be working with Microsoft “to improve policy design and behavior in Microsoft Teams” – make the app less dangerous to data – and “to automate service execution and remove human intervention in policy management” – reduce the role of problem-prone people.
The message says that on the Global CIO Steering Group call on August 19, several CIOs stressed that personal chats should not be used to store essential business data, adding that they’ve said as much to their respective organizations. The sender suggests that IT leaders reading the note might want to make similar recommendations within their own organizations. ®
Tell us something we don’t know: Tip us off securely.