Expert On Breach: Regus Sales Staff Data Exposed After Huge Data Breach

By ISBuzz Team
Writer, Information Security Buzz | Jan 21, 2020 03:30 am PST

Job performance details about more than 900 employees of a major office-space provider have been published online by accident after a staff review.

Sales staff at Regus had been recorded showing researchers posing as clients around office space available to rent.

Information about the employees was later published on Trello, a task-management website, and a spreadsheet with names, addresses and job performance data was found via Google by the Telegraph newspaper.

2 Expert Comments
Prash Somaiya, Technical Program Manager
January 21, 2020 11:34 am

Such a breach as this is so easily avoidable and, like with many incidents, was simply caused by human error rather than anything malicious. Where companies now rely on so many digital services to do all aspects of their work, they need to make sure that they extend identity management and security best practices to the third-party agencies that they work with. Having a basic level of security practices regardless of a company’s function will start to be expected by customers wanting to do business and, without offering those assurances, businesses could start to suffer if found to be lacking in security awareness and process. Regus and its supplier were quick to respond once discovered, which we can take as a demonstration of how seriously organisations are taking data breaches these days.

Paul Bischoff, Privacy Advocate
January 21, 2020 11:32 am

This exposure is yet another example of the fact that when you entrust your personal data to a company, you’re also entrusting it to all the third-party providers and vendors that company contracts with. In this case, Applause’s provider didn’t seem to make much of an effort to secure anything. According to reports, there was no encryption, no access control, and no operational security used to keep these performance reviews out of the wrong hands.
