
Open AWS buckets expose more than 200K CVs at two online recruitment firms

Unsecured AWS servers belonging to two online recruitment firms – U.S.-based Authentic Jobs and Sonic Jobs in the U.K. – have exposed more than 250,000 CVs of job candidates.

Authentic Jobs, used by the likes of the New York Times and EY, took the biggest hit with 221,130 CVs exposed to the public, according to a Sky News report. Sonic Jobs, which specializes in recruitment for retail and restaurant jobs and is used by hotel chains Marriott and InterContinental, had at least 29,202 CVs made publicly accessible.

“When you apply for a job, you share sensitive personal data with the jobs board and the companies to which you’re applying. It’s their responsibility to protect that information from disclosure,” said Tim Erlin, vice president, product management and strategy at Tripwire.

Among the information potentially exposed are names, addresses, job histories and phone numbers.

“An unfortunate consequence of this is that more than 200,000 CVs have now been exposed online,” said Nominet Vice President Stuart Reed. “Even more worrying is that Amazon buckets come secure by default, so these companies have changed the settings at some point to allow anyone to view their data; demonstrating a significant lack of security understanding and best practice procedures.”

Reed said that the exposure of two online recruitment firms “shows that it’s not an isolated case.”

Organizations that use “cloud storage must regularly audit the permissions to ensure these kinds of breaches don’t happen,” Erlin said.

That includes raising awareness of potential security weak points when it comes to protecting data, particularly in the cloud. “Poor awareness has led to the exposure of sensitive information, which could now be used for a range of further criminal activities,” said Reed, noting the widened digital attack surface in cloud environments. “Regardless of the security that cloud services deliver, companies need to take responsibility and ensure they have a multi-layered approach to their security; including people, processes and technology.”
