Europe Confirms Record €4.1B Penalty Against Google for Android Practices|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Europe Confirms Record €4.1B Penalty Against Google for Android Practices|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|
Advertisement

Ad Placeholder

Full Width × 90

Breaking News

Capgemini inadvertently leaks data of recruitment firm Michael Page

Job-related information belonging to hundreds of thousands of individuals in a Michael Page database was exposed online by Capgemini. The firm Capgemini has inadvertently published a database of the Michael Page company, a company owned by PageGroup and specialized in recruiting. The data leak has accidentally exposed job-related records of hundreds of thousands of individuals. Michael Page has notified […]

Capgemini inadvertently leaks data of recruitment firm Michael Page

Job-related information belonging to hundreds of thousands of individuals in a Michael Page database was exposed online by Capgemini.

The firm Capgemini has inadvertently published a database of the Michael Page company, a company owned by PageGroup and specialized in recruiting.

The data leak has accidentally exposed job-related records of hundreds of thousands of individuals.

Michael Page has notified customers that their personal information was inadvertently exposed. Leaked records include names, email addresses, encrypted passwords, phone numbers and job-related information.

The France firm Capgemini provides IT services to Michael Page, its staff has accidentally exposed a Michael Page backup database containing roughly 30 Gb of SQL files.

The data leak was first reported by the popular security expert Troy Hunt who manages the breach notification website haveIbeenpowned.com. Troy Hunt received information of the Capgemini data breach in October from the same person who reported him the data leak that exposed records of the Australian Red Cross Blood Service (550,000 personal records exposed).

PageGroup and Capgemini determined that the backup was related to a testing environment for the PageGroup websites.

The archive includes 780,000 unique email addresses and job-related information.

“I’ll refer to Michael Page’s disclosure a little later on, but what I will say here is that there were over 780k unique email addresses in that one file and plenty of data relating to candidates’ jobs such as cover letters relating to their experience.” wrote Hunt.

capgemini-data-leak

PageGroup tried to downplay the incident saying that data is unlikely to be used for illegal purposes because only Hunt and the person who discovered the data leak accessed the information, and anyway both destroyed the database they had.

“We have ensured the website is secure. We are treating this issue very seriously and are working with our IT vendor, Capgemini as a matter of urgency to fully investigate how this incident occurred and to put in place measures to ensure it does not happen again,” reads the statement published by PageGroup. “Capgemini fully manage our PageGroup websites and is regarded as a global leader in consulting, technology and outsourcing services. It has all the appropriate security certificates and ISO certifications in place, which we believed would ensure that the website environments would be secure and safe in their hands.”

[adrotate banner=”9″]

Pierluigi Paganini

(Security Affairs – Capgemini, data leak)