Data breach exposes personal info of jobseekers

More than 6,000 CVs and covering letters allegedly surfaced online

Data breach exposes personal info of jobseekers

A recruitment firm working for Australian real estate network First National has been linked to an incident of data breach after thousands of CVs and covering letters from candidates were allegedly leaked online.

The recruitment agency Sales Inventory Profile reportedly handled candidate screening for First National, collecting personal information and requiring jobseekers to upload their CV in the process.

A data breach allegedly exposed the full names, addresses, educational background, and employment history of job candidates, according to Gareth Llewellyn, an information security specialist for Brass Horn Communications, who first detected the leak.

Llewellyn said he found an indexed Amazon S3 bucket that contained more than 6,000 CVs and covering letters.

First National denied responsibility for the breach and said it was “dependent upon” Sales Inventory Profile to follow necessary security protocols.

“We are working with our affected offices, and more importantly, any applicants that have been affected,” said Ray Ellis, CEO at First National. The company said it has notified the Office of the Australian Information Commissioner.

HRD has reached out to Sales Inventory Profile for comment.

PageUp, another talent management software company based in Australia, also suffered a data breach last year when malicious activity was discovered on its IT system.

The malware attack exposed the personal data of thousands of jobseekers who used the recruitment site, HR Tech News reported in June.  

 

Recent articles & video

'You can't be what you can't see': Why representation matters

Fired for being pregnant? Worker wins unfair dismissal case

Going hybrid? Here's what to factor in your HR policy

Compensation: What's the law on mental health injuries?

Most Read Articles

Australian HR Awards 2021: HRD reveals this year’s excellence awardees

Facebook gives staff option to go fully remote

Can employees be ‘dismissed’ without being fired?