HCL exposed employee passwords, project data: Australian security firm
.jpg)
HCL Technologies, India's third largest IT services firm, left employee passwords, customer project details, and other sensitive information exposed online, but it fixed the issue when notified, said an Australian cyber security start-up.
Upguard, in a blog post on its website, on Tuesday said a file containing customer keywords was publicly accessible, as were some pages with personal and business data.
"A dashboard for new hires included records for 364 personnel. The oldest were from 2013, but over two hundred records were from 2019. In fact, 54 of the records were for people who joined on May 6, 2019. The exposed data included candidate ID, name, mobile number, joining date, joining location, recruiter SAP code, recruiter name, created date, user name, cleartext password, BGV status, offer accepted, and a link to the candidate form. Among those data points, the most obvious risk is that the passwords could be used to access other HCL systems to which these employees would be given access," the blog noted.
However, upon reaching out to the data protection officer, whose details were available on the website, the issue was fixed.
"HCL Technologies takes data security extremely seriously. As soon as this incident was reported, HCL took immediate action to block the inadvertent access. Based on our investigation of this specific issue, we have determined that no sensitive employee or customer data was accessed, compromised or exposed in any way, per any applicable privacy regulations. We remain deeply committed to the values of trust and transparency that underpin our relationship with our employees and customers. If there is any further information relevant to this incident, we will provide an update," said a company spokeswoman in an email response.
source businessstandard
Industry: Cyber Security News
Latest Jobs
-
- Senior Client Microsoft Security Delivery Consultant - Hybrid (London | Remote)
- London
- N/A
-
Senior Client Microsoft Security Delivery Consultant - Hybrid (London | Remote) We are seeking an experienced technical Security Consultant to help clients deploy and enhance their cyber defences across Microsoft and vulnerability management technologies. You will work with enterprise customers to deliver tailored solutions across threat detection, endpoint protection and exposure management, ensuring security platforms are efficient, integrated and aligned with operational goals. Whilst you won't do the design yourself- you will work alongside technical Presales to document, agree and then deliver the solution. You will have experience leading delivery the implementation and improvement projects, providing hands-on support with configuration, integration and optimisation. You will assess existing environments, recommend enhancements and guide clients on best practice to strengthen visibility and control. Strong experience with SIEM, XDR and vulnerability tooling (Microsoft & Tenable ecosystems ideal) Understanding of Azure security, identity and access controls Background in consulting or project-based cyber delivery Clear communication skills with the ability to engage senior stakeholders Extra points if you have the SC-100. You must be eligible to achieve UK Security Clearance to be considered for this role.
-
- Account Director | Cyber Security Consulting | UK - South East
- London
- N/A
-
Account Director | Cyber Security Consulting - Financial Services | UK - South East. New Role due to Growth We are looking for an experienced Account Director to develop and expand existing relationships across the financial services sector, working with investment firms, asset managers, private equity groups and strategic partners to deliver intelligent cyber consulting and a bespoke Cyber product offerings. You will act as a trusted advisor, helping organisations strengthen digital resilience, manage third-party and regulatory risk and adopt a proactive approach to cyber assurance. Key Responsibilities Manage a defined portfolio of financial clients, understanding business priorities and aligning tailored cyber solutions. Drive new client engagement while nurturing existing partnerships through a consultative, long-term approach. Present the benefits of advanced cyber services including threat intelligence, vulnerability management, incident readiness, and continuous risk monitoring. Collaborate with technical and delivery teams to ensure smooth engagement from proposal through to implementation and ongoing support. Prepare proposals, negotiate commercial terms, and clearly articulate value and business outcomes. Build trusted relationships at senior and board level. Ideal Profile Strong background in cybersecurity, consulting, or risk management within financial services. Skilled communicator with proven success managing and growing key accounts. Able to translate complex technical insight into commercial and strategic value for clients. Confident engaging with senior stakeholders and decision makers. Please note: Sponsorship is not available.