Security researcher Troy Hunt has exposed UK based recruitment firm Michael Page for a 30GB data archive breach, which contained data on 780,000 job applicants.
The data allegedly included names, email addresses, passwords, cover letters and job histories. A development server containing the compromised information is said to have been operated by Capgemini, the firm’s IT supplier.
“The compromised development server was allegedly operated by Capgemini, that didn’t anonymise the data which would have protected it from being exposed.”
It has been good industry practice for some time to anonymise real data in testing environments after previous similar leaks going back many years at other organisations, including at financial institutions.
Since the data leak, which happened earlier this month, Michael Page has said there was no malicious intent from the third party that captured the data. The recruitment firm however was still forced to write to the 780,000 job applicants contained in the affected data, informing them of the breach.
Bushby added: “It is fundamental that businesses take responsibility for scrutinising their partners’ security prowess.
“The new forthcoming GDPR (General Data Protection Regulation) puts more emphasis on data processes as well as data owners, in which case both Michael Page and Capgemini would be responsible – rather than just Michael Page as it is currently.”
@AntonySavvas
Security vendor Flashpoint debuts partner programme following $28m funding
Complex buying journeys and sprawling partner networks hampering customer experience, says Accenture
Datacentre provider Cyxtera says launch is “milestone in our go-to-market strategy”
Ensono highlights importance of mainframes still to major industries
Security vendor VASCO looks to replicate UK and German set up across EMEA
Splunk details investment in Partner+ programme at .conf2017
