HCL exposed employee passwords, project data: Australian security firm
HCL Technologies, India's third largest IT services firm, left employee passwords, customer project details, and other sensitive information exposed online, but it fixed the issue when notified, said an Australian cyber security start-up.
Upguard, in a blog post on its website, on Tuesday said a file containing customer keywords was publicly accessible, as were some pages with personal and business data.
"A dashboard for new hires included records for 364 personnel. The oldest were from 2013, but over two hundred records were from 2019. In fact, 54 of the records were for people who joined on May 6, 2019. The exposed data included candidate ID, name, mobile number, joining date, joining location, recruiter SAP code, recruiter name, created date, user name, cleartext password, BGV status, offer accepted, and a link to the candidate form. Among those data points, the most obvious risk is that the passwords could be used to access other HCL systems to which these employees would be given access," the blog noted.
However, upon reaching out to the data protection officer, whose details were available on the website, the issue was fixed.
"HCL Technologies takes data security extremely seriously. As soon as this incident was reported, HCL took immediate action to block the inadvertent access. Based on our investigation of this specific issue, we have determined that no sensitive employee or customer data was accessed, compromised or exposed in any way, per any applicable privacy regulations. We remain deeply committed to the values of trust and transparency that underpin our relationship with our employees and customers. If there is any further information relevant to this incident, we will provide an update," said a company spokeswoman in an email response.
Industry: Cyber Security News
- Outside IR 35 CONTRACT SC CLEARED Cyber Security Operations Analyst SPLUNK ES- UK REMOTE- £500 a day.
6 month contract Outside IR35 Operational Cyber Security Analyst. Hands on Splunk Security Enterprise and Security clearance is required As is someone that holds SC clearance. SOC and Vulnerability management experience. Vulnerability Analysis / Management - Tenable
- SailPoint Consultant
- Upto €80,000
SailPoint Consultant is need for this rapidly expanding global business, The business is currently in the middle of a SailPoint Deployment, they require an experienced Consultant who is able to help them on this Journey You will be responsible for helping to configure and deploy SailPoint as well as on board applications onto the platform You will also work with the business to understand workflow and process to help align the way the business works to ensure that the business gets the most from the deployment We are looking for an experienced SailPoint consultant who has experience with both Deployment and BAU work and is interested in joining a business which is at the start of an interesting IAM Journey
- SOC Manager Security Operations. SIEM, Threat / Vulnerability, IR, SOC Service- Exclusive
- United Kingdom
SOC Manager- SIEM, Threat / Vulnerability, Incident response. Exclusive Project. Management and on growth growth of Security Operations Centre capability. Managing and maturing the team, technical services line and fronting client engagements where needed. An in-depth technical background is essential, experience across SOC SIEM/ Threat Hunting (IR) tools, processes, techniques, operational is a MUST. The role will include, but not limited to; evolving the technical process, building operational capability, managing and hiring team, involved at a high level overviewing policy/playbooks, fine turning of the go-to-market collateral etc.
- Contact 12 month- Security Operations- Tanium Engineer / Analyst.
- United Kingdom
- Dependent on experience
Security Operations engineer / Analyst with Tanium for a 12 month contract. Experience configuring using, managing, supporting troubleshooting Tanium's suite of end point solutions is essential. The opportunity is due to a client expanding its international capability to a follow the sun model. To be involved in spinning up a European capability. Based in the UK. English essential and ideally being fluent in French.