Exploit: Misconfiguration
FastTrack Reflex Recruitment: Staffing Firm
Risk to Business: 1.882 = Severe
FastTrack Reflex Recruitment is the latest company to join the ranks of businesses that have had data leaks due to misconfigured AWS S3 buckets. The leaky bucket contained CVs for applicants and also included PII. Experts counted 21,000 client files (including duplicates), equating to 5GB of data,
Individual Risk: 1.780 = Severe
In the bucket, applicant CVs were exposed including attached identity documents like passports, work permits, identity card numbers and similar documents. In many cases, names, addresses, social media profile URLs, contact information DOBs and photos were also exposed
Customers Impacted: 21K applicants
How it Could Affect Your Customers’ Business: Simple failures in setup like this are a symptom of low standards and a sloppy cybersecurity culture. They’re also a quick way into disaster as this will not only cost money to fix, it will also incur penalties under GDPR and similar legislation.
source: https://www.hackread.com/uk-recruitment-firm-exposed-applicants-data/