News and Updates on Information Technology

United Kingdom – FastTrack Reflex Recruitment

Exploit: Misconfiguration

FastTrack Reflex Recruitment: Staffing Firm

cybersecurity news represented by agauge showing severe risk

Risk to Business: 1.882 = Severe

FastTrack Reflex Recruitment is the latest company to join the ranks of businesses that have had data leaks due to misconfigured AWS S3 buckets. The leaky bucket contained CVs for applicants and also included PII. Experts counted 21,000 client files (including duplicates), equating to 5GB of data,

cybersecurity news represented by agauge showing severe risk

Individual Risk: 1.780 = Severe

In the bucket, applicant CVs were exposed including attached identity documents like passports, work permits, identity card numbers and similar documents. In many cases, names, addresses, social media profile URLs, contact information DOBs and photos were also exposed

Customers Impacted: 21K applicants

How it Could Affect Your Customers’ Business: Simple failures in setup like this are a symptom of low standards and a sloppy cybersecurity culture. They’re also a quick way into disaster as this will not only cost money to fix, it will also incur penalties under GDPR and similar legislation.

 

source: https://www.hackread.com/uk-recruitment-firm-exposed-applicants-data/