Poor crap Indian H1B design with no concepts of web or database security and done as cheaply as possible.
Its always the fault of the coding team. Thats why you harden stuff.
>> Its always the fault of the coding team.
I suppose you have your reasons for believing that, but you’re factually incorrect.
A careless or malicious administrator could have facilitated the breach. Or an e-mail account was hacked that contained security details about the storage.
Also take into consideration the remote @home work sessions. Maybe someone in management had an Antifa brat at home that decided to browse an active VPN connection.