Expert Comments

Expert On Breach: Regus Sales Staff Data Exposed After Huge Data Breach

Expert(s): ISBuzz Staff
Expert(s): ISBuzz Staff

Job performance details about more than 900 employees of a major office-space provider have been published online by accident after a staff review.

Sales staff at Regus had been recorded showing researchers posing as clients around office space available to rent.

Information about the employees was later published on Trello, a task-management website, and a spreadsheet with names, address and job performance data was found via Google by the Telegraph newspaper.

Experts Comments

January 21, 2020
Prash Somaiya
Technical Program Manager
HackerOne
Such a breach as this is so easily avoidable and like with many incidents, was simply caused by human error rather than anything malicious. Where companies now rely on so many digital services to do all aspects of their work, they need to make sure that they extend identity management and security best practices to the third party agencies that they work with. Having a basic level of security practices regardless of a company’s function will start to be expected by customers wanting to do.....Read More
Such a breach as this is so easily avoidable and like with many incidents, was simply caused by human error rather than anything malicious. Where companies now rely on so many digital services to do all aspects of their work, they need to make sure that they extend identity management and security best practices to the third party agencies that they work with. Having a basic level of security practices regardless of a company’s function will start to be expected by customers wanting to do business and without offering those assurances, businesses could start to suffer if found to be lacking in security awareness and process. Regus and its supplier were quick to respond once discovered, which we can take as a demonstration of how seriously organisations are taking data breaches these days.  Read Less
January 21, 2020
Paul Bischoff
Privacy Advocate
Comparitech
This exposure is yet another example of the fact that when you entrust your personal data to a company, you're also entrusting it to all the third-party providers and vendors that company contracts with. In this case, Applause's provider didn't seem to make much of an effort to secure anything. According to reports, there was no encryption, no access control, and no operational security used to keep these performance reviews out of the wrong hands.

Submit Your Expert Comments

What do you think of the topic? Do you agree with expert(s) or share your expert opinion below.
Be part of our growing Information Security Expert Community (1000+), please register here.

Write Your Expert Comments *
Your Registered Email *
Notification Email (If different from your registered email)
* By using this form you agree with the storage and handling of your data by this web site.
SUBMIT
0
FacebookTwitterLinkedinWhatsappEmail

You may also like

Cyberattack Risk to Royal Navy & Britain’s Merchant Fleet

Ethical Hacker Shares Insights On UC San Diego Health Data...

Expert Reaction On Apple Patch Zero-Day Vulnerability

Cybersecurity Comment: IBM Research: Cost of a Data Breach Hits...

Experts On Express MRI Notifies Patients of Data Breach

Experts On Tokyo Olympic Games: A potential Hotspot for Cybercrime

No More Ransomware’ Initiative Reduces Ransom Profits By £850m

Fake Windows 11 Installer Could Destroy PC Data

Apple Release Urgent iPhone Updates But Not For Pegasus Zero-day

MITRE Releases List of Top 25 Bugs, Experts Weigh In

This website uses cookies to improve your experience. We'll assume you're ok with this, but you can opt-out if you wish. Accept Read More

Privacy & Cookies Policy