Lessons from Carbonite Lawsuit: Why Backup Vendor Due Diligence is Crucial

In the world of cloud backup, entrusting your valuable data to a third-party provider requires a great deal of faith and due diligence. However, the story of Carbonite, a once prominent cloud backup provider, serves as a stark reminder of the risks involved when that trust is misplaced.

(This blog post summarizes the main points of my latest podcast episode. If you’d like, you can listen to it here: https://www.backupwrapup.com/carbonite-lawsuits-cloud-backup-cautionary-tale)

Carbonite’s troubles began in 2009 when the company was caught posting fake reviews on Amazon, just months before a major data loss incident that affected thousands of customers. The incident revealed that Carbonite had been using inadequate storage arrays without proper redundancy, resulting in permanent data loss for some customers.

Despite marketing itself as an enterprise-grade backup solution, Carbonite’s actions showed a lack of commitment to backup best practices and customer data protection. The company’s reluctance to take responsibility for the data loss and its decision to publicly blame hardware vendors only added to the controversy.

As if that weren’t enough, Carbonite found itself embroiled in another scandal just before its acquisition by OpenText in 2019. The company claimed to have released a new backup product that allegedly never successfully backed up customer data, leading to a class-action lawsuit settled for $27.5 million in 2024.

So, what can backup customers learn from Carbonite’s experience? First and foremost, it’s crucial to thoroughly vet potential backup providers. Don’t simply take marketing claims at face value; investigate the company’s track record, including any history of data loss incidents or lawsuits.

When evaluating a cloud backup provider, ask detailed questions about their data redundancy practices, geo-separation of data copies, and SLAs around availability and recovery. A reputable provider should be transparent about their backup infrastructure and have robust measures to ensure customer data is protected.

Additionally, be cautious of providers that seem reluctant to take responsibility for issues or are quick to blame external factors. A true partner in data protection will be upfront about challenges and work diligently to resolve problems while keeping customers informed.

Ultimately, the Carbonite story highlights the importance of being an informed and proactive backup customer. While cloud backup can offer convenience and cost savings, it’s essential to remember that not all providers are created equal. By doing your due diligence and choosing a provider that prioritizes data protection and transparency, you can minimize the risk of falling victim to inadequate backup practices and costly legal battles.

In the end, your data is your responsibility. Don’t let the allure of marketing claims (or low prices) blind you to the real-world risks of entrusting your backups to a third party. Learn from Carbonite’s mistakes, ask the right questions, and choose a backup partner that truly has your best interests at heart.

Written by W. Curtis Preston (@wcpreston), four-time O'Reilly author, and host of The Backup Wrap-up podcast. I am now the Technology Evangelist at S2|DATA, which helps companies manage their legacy data