Incredible as it may seem, human oversights remain the leading cause of incidents affecting the protection and security of companies’ employee and client data.
The most recent error was reported at Regus, whose sales staff was subjected to work performance research. This seemed like a conventional process, until the personal information collected during this exercise was entered into a spreadsheet and published on Trello, a project management platform.
To the surprise of Regus human resources staff, a Telegraph journalist found the spreadsheet using a conventional web browser; the exposed file contained names, addresses and the results of the company’s employee evaluation. The spreadsheet even contained the data of some of the people who collaborated in the research by posing as potential customers.
For its part, the company issued a statement: “Our team members are aware that they are monitored for training purposes. We have received a troubling report regarding external access to this data, an incident that resulted in the publication of this information on a public platform,” says the company’s data protection
Regus immediately notified Trello’s team, which removed the exposed material immediately. However, the problems will not end here, as the incident must be reported to the UK Information Commissioner’s Office (ICO), currently run by Elizabeth Denham.
Finally, Applause, a company hired to carry out the evaluation of Regus personnel, issued a statement: “We have conducted an internal audit to rule out the possible presence of some third-party software operating stealthily in our networks. Finding no evidence of malicious activity, we concluded that the incident occurred due to
Although the amount of personal information compromised in this incident is not really high, data protection specialists from the International Institute of Cyber Security (IICS) point to the worrying number of information exposure incidents caused by simple oversights by the staff in charge of managing these implementations. In the most serious cases, these incidents can leak highly sensitive information from hundreds of thousands, or even millions, of users of online services and platforms.