Job-related information belonging to hundreds of thousands of individuals in a Michael Page database was exposed online by Capgemini.
The firm Capgemini has inadvertently published a database of the Michael Page company, a company owned by PageGroup and specialized in recruiting.
The data leak has accidentally exposed job-related records of hundreds of thousands of individuals.
Michael Page has notified customers that their personal information was inadvertently exposed. Leaked records include names, email addresses, encrypted passwords, phone numbers and job-related information.
The France firm Capgemini provides IT services to Michael Page, its staff has accidentally exposed a Michael Page backup database containing roughly 30 Gb of SQL files.
The data leak was first reported by the popular security expert Troy Hunt who manages the breach notification website haveIbeenpowned.com. Troy Hunt received information of the Capgemini data breach in October from the same person who reported him the data leak that exposed records of the Australian Red Cross Blood Service (550,000 personal records exposed).
PageGroup and Capgemini determined that the backup was related to a testing environment for the PageGroup websites.
The archive includes 780,000 unique email addresses and job-related information.
“I’ll refer to Michael Page’s disclosure a little later on, but what I will say here is that there were over 780k unique email addresses in that one file and plenty of data relating to candidates’ jobs such as cover letters relating to their experience.” wrote Hunt.
PageGroup tried to downplay the incident saying that data is unlikely to be used for illegal purposes because only Hunt and the person who discovered the data leak accessed the information, and anyway both destroyed the database they had.
“We have ensured the website is secure. We are treating this issue very seriously and are working with our IT vendor, Capgemini as a matter of urgency to fully investigate how this incident occurred and to put in place measures to ensure it does not happen again,” reads the statement published by PageGroup. “Capgemini fully manage our PageGroup websites and is regarded as a global leader in consulting, technology and outsourcing services. It has all the appropriate security certificates and ISO certifications in place, which we believed would ensure that the website environments would be secure and safe in their hands.”
Pierluigi Paganini is member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and Cyber G7 Group, he is also a Security Evangelist, Security Analyst and Freelance Writer.
Editor-in-Chief at "Cyber Defense Magazine", Pierluigi is a cyber security expert with over 20 years experience in the field, he is Certified Ethical Hacker at EC Council in London. The passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to find the security blog "Security Affairs" recently named a Top National Security Resource for US.
Pierluigi is a member of the "The Hacker News" team and he is a writer for some major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and for many other Security magazines.
Author of the Books "The Deep Dark Web" and “Digital Virtual Currency and Bitcoin”.