Michael Page loses personal data of millions of jobseekers
Global recruitment company Michael Page has exposed personal information of millions of jobseekers. Troy Hunt, security researcher and owner of the breach notification site HaveIBeenPwned.com said on his blog that nearly 2 weeks ago on 30th October he was alerted to the exposed data by a contact who sent over a file indicating it was sourced from the UK as a proof. It was a 362Mb compressed file which extracted out to 4.55GB and held personal information of 780,000 people in the UK.
Pointing the finger?
“We are deeply disappointed that this breach occurred and wish to apologise to those affected,” said a Michael Page spokesperson. “Due to the nature of the data, there is limited risk of fraudulent activity for those affected.”
“All of the individuals affected have been sent an email, which details the level of information that was accessed. We are working closely with Capgemini to investigate how this incident occurred. We are also working hard to put measures in place to ensure that an incident of this nature does not happen again.”
Mark Oakton, Security Director at Infosec Partners commented: “We have already had issues with UK clients, not only concerned about the data breach at Michael Page, but the data (email addresses, names, etc) have already been used in other scams several days ago. Very interesting that Michael Page seems to point the finger at Cap Gemini so early attempting to shift all the blame – its clear that apart from the loss of personal data, which is a Data Protection Act (DPA) breach – the data in a development environment is mandated to be anonymised, clearly this didn’t happen either.”
A Capgemini spokesperson said in a statement “We have worked very closely with PageGroup to investigate this incident. Our work has established that this was not a malicious attack and we are not aware of any broader dissemination of data or fraudulent activities as a result of the incident.”
Infosec Partners can help
With the exposure of sensitive data held by Michael Page, it is clear that something happened that shouldn’t have here. From the information gathered through reports, it also appears that several best practices in relation to treating sensitive data have not been followed.
Worried about the state of your organisations’ cyber readiness?
The threat of cyber attacks are affecting us like never before. Hardly a week goes by without news that some well known organisation has been breached. The boundaries between our public, work and private lives have never been more blurred and our dependence on electronic communication and internet connectivity means there are many more avenues of attack for criminals who are actively targeting our personal and financial data, safety and reputation.
From significant global organisations to high profile individuals and families, Infosec Partners are trusted to optimise defences and protect against cyber attacks. Whether providing fully managed security services, independently testing your cyber readiness or providing crisis management and responding to incidents, Infosec Partners are proven partners of excellence and full-spectrum security experts that puts your security first.
Contact us today for more information and for your free consultation, by completing the adjacent form or call us to speak with one of our trusted advisors immediately:
+44 (0)1256 893662