Jobseeker data leak

Updated: Oct 15, 2021

The National Cyber Security Centre (NCSC) has reported that tens of thousands of job seekers had their data leaked due to a misconfigured cloud account.

An unprotected and insecure AWS S3 bucket has been identified as the cause of the issue, which saw 5GB of data comprising 21,000 files become exposed.

CVs containing personal information such as names, email addresses, phone numbers, home addresses, and social Network URLs were exposed in the leak.

UK citizens were primarily affected although information from users in Europe, Western Asia, and the US was also included in the leak.

Leaked data can be used by cyber-criminals to conduct a wide range of illegal activities including address fraud and identity theft.

The cause of this leak is believed to be human error on the part of the company’s IT team / services provider, though the bucket has now been secured, according to the research team at Website Planet.

Large stores of data are of particular risk as they are a tempting target for attackers; the NCSC has published advice on how to adequately protect such information.

Any organisation that has been affected by data breaches, as well as their customers, should be aware of the phishing threats which follow these incidents.

For more updates on scams to look out for and helpful hints to keep you and your data safe, sign up to our FREE newsletter and consider sharing this article to spread awareness and keep those around you safe.

The National Cyber Security Centre (NCSC) and National Police Chiefs Council (NPCC) are working together to support the establishment of Regional Cyber Resilience Centres (CRCs). The CRCs represent a significant opportunity for the NCSC to expand the reach of its guidance and services to smaller organisations across the country, and provide an extra level of practical support to enhance their impact. The NCSC is currently assisting the NPCC in determining the suite of cyber security services that the CRCs will be able to offer.