Expert On Breach: Regus Sales Staff Data Exposed After Huge Data Breach

Job performance details about more than 900 employees of a major office-space provider have been published online by accident after a staff review.

Sales staff at Regus had been recorded showing researchers posing as clients around office space available to rent.

Information about the employees was later published on Trello, a task-management website, and a spreadsheet with names, address and job performance data was found via Google by the Telegraph newspaper.

Experts Comments

January 21, 2020
Prash Somaiya
Technical Program Manager
HackerOne
Such a breach as this is so easily avoidable and like with many incidents, was simply caused by human error rather than anything malicious. Where companies now rely on so many digital services to do all aspects of their work, they need to make sure that they extend identity management and security best practices to the third party agencies that they work with. Having a basic level of security practices regardless of a company’s function will start to be expected by customers wanting to do.....Read More
Such a breach as this is so easily avoidable and like with many incidents, was simply caused by human error rather than anything malicious. Where companies now rely on so many digital services to do all aspects of their work, they need to make sure that they extend identity management and security best practices to the third party agencies that they work with. Having a basic level of security practices regardless of a company’s function will start to be expected by customers wanting to do business and without offering those assurances, businesses could start to suffer if found to be lacking in security awareness and process. Regus and its supplier were quick to respond once discovered, which we can take as a demonstration of how seriously organisations are taking data breaches these days.  Read Less
January 21, 2020
Paul Bischoff
Privacy Advocate
Comparitech
This exposure is yet another example of the fact that when you entrust your personal data to a company, you're also entrusting it to all the third-party providers and vendors that company contracts with. In this case, Applause's provider didn't seem to make much of an effort to secure anything. According to reports, there was no encryption, no access control, and no operational security used to keep these performance reviews out of the wrong hands.
What do you think of the topic? Do you agree with expert(s) or share your expert opinion below.
Be part of our growing Information Security Expert Community (1000+), please register here.

Share on facebook
Share on twitter
Share on linkedin

Recent Posts

Information Security Buzz (aka ISBuzz News) is an independent resource that provides the experts comments, analysis and opinion on the latest Information Security news and topics

Twitter Facebook-f Linkedin Youtube

Working With Us

The Pages

Our Contributing Experts