Personal details of 70,000 job seekers leaked in hack of global consultancy firm Capgemini
12 Nov 2016
Global consultancy Capgemini had reportedly leaked data relating to recruitment firm Michael Page by publishing it on a publicly accessible development server.
Research by IT blogger Troy Hunt revealed that the incident had affected around 780,000 people who were registered with the recruitment firm. In a letter, published by Graham Clulely, anti-virus industry expert, Michael Page stated that it came to know on 1 November that an unauthorised ''third party illegally gained online access to a development server used by our IT provider, Capgemini for testing PageGroupwebsites.''
It said, ''We are sorry to tell you that the details you provided as part of your recent website activity have been identified as amongst those accessed. We know people care deeply about their data being protected so wanted you to hear this from us.''
According to Michael Page, it immediately locked down its servers and secured all possible entry points. ''We carried out a detailed investigation into the nature of what happened. To reassure you, we know that the data was not taken with any malicious intent. We have requested that the third-party destroys or returns all copies of the data. They have confirmed that they have already destroyed it and we are confident that they have done so.''
In what was claimed to one of the biggest security breaches to hit a UK firm, job candidates in the UK, Holland and China had been sent emails informing them of the data breach.
In the email obtained by The Mirror, PageGroup marketing director Eamon Collins told the 711,000 candidates that the company had learned on 1 November that "an unauthorised third party illegally gained online access to a development server".
Among the data field accessed were email addresses, telephone numbers, their location, job sector and type and the covering message.