The firm Capgemini has inadvertently published a database of the Michael Page company, a company owned by PageGroup and specialized in recruiting.
The data leak has accidentally exposed job-related records of hundreds of thousands of individuals.
Michael Page has notified customers that their personal information was inadvertently exposed. Leaked records include names, email addresses, encrypted passwords, phone numbers and job-related information.
The France firm Capgemini provides IT services to Michael Page, its staff has accidentally exposed a Michael Page backup database containing roughly 30 Gb of SQL files.
The data leak was first reported by the popular security expert Troy Hunt who manages the breach notification website haveIbeenpowned.com. Troy Hunt received information of the Capgemini data breach in October from the same person who reported him the data leak that exposed records of the Australian Red Cross Blood Service (550,000 personal records exposed).
PageGroup and Capgemini determined that the backup was related to a testing environment for the PageGroup websites.
The archive includes 780,000 unique email addresses and job-related information.
“I’ll refer to Michael Page’s disclosure a little later on, but what I will say here is that there were over 780k unique email addresses in that one file and plenty of data relating to candidates’ jobs such as cover letters relating to their experience.” wrote Hunt.
PageGroup tried to downplay the incident saying that data is unlikely to be used for illegal purposes because only Hunt and the person who discovered the data leak accessed the information, and anyway both destroyed the database they had.
“We have ensured the website is secure. We are treating this issue very seriously and are working with our IT vendor, Capgemini as a matter of urgency to fully investigate how this incident occurred and to put in place measures to ensure it does not happen again,” reads the statement published by PageGroup. “Capgemini fully manage our PageGroup websites and is regarded as a global leader in consulting, technology and outsourcing services. It has all the appropriate security certificates and ISO certifications in place, which we believed would ensure that the website environments would be secure and safe in their hands.”
(Security Affairs – Capgemini, data leak)