Cisco Admits Incorrect Security Setup Caused Job Applicant Data Leak

Cisco finds itself in an embarrassing position this week after it admitted that one of its websites had leaked the personal details of job applicants.

The leak is especially embarrassing for the firm, as it prides itself on its security credentials. Indeed, it is a major player in the security market and earlier this year bolstered its cloud security offerings with the acquisition of CloudLock.

Limited Information?

The leak seems to have occurred on the mobile version of its Professional Careers website, and the firm insisted only “limited” personal information was leaked.

In a letter sent to the US attorney general, Cisco said the flaw had been spotted by an independent security researcher who “discovered that a limited set of job application related-information from the Cisco Professional Careers mobile website was accessible.”

Cisco blamed the fault on an “incorrect security setup” after system maintenance had been carried out.

“The issue was immediately fixed and passwords to the site have been disabled. Because Cisco takes its responsibility to protect information seriously, and since many people use the same passwords on multiple websites, we wanted to alert you to this incident,” it said.

So what information was leaked?

Well, while it didn’t involve the leak of personal banking details, the leak was about as bad as it can get, as the data included names, addresses, emails, telephone numbers, usernames, passwords, answers to security questions, education, profile information, gender, race etc.

This type of personal information is, of course, a goldmine for criminals looking to carry out fraud or identity theft.

Even worse, this information was exposed twice: once between August and September 2015, and then again from July to August 2016.

So not only did Cisco make this mistake twice, it also seems that it failed to encrypt the data or hash the passwords.

Cisco Statement

Cisco has advised people to change their login, passwords, and security questions. It has also said that users can have 90-day fraud alerts placed on their accounts.

“We do not believe that the information was accessed by anyone beyond the researcher who found and reported the issue,” said Cisco. “However, there was an instance of unexplained, anomalous connection to the server during that time, so we are taking precautionary steps.”

“In the event of information being unintentionally disclosed, we respond immediately to remedy the issue, notify the affected parties, and put additional protections in place,” Cisco told TechweekEurope via email.

“On November 2, 2016, Cisco notified users about an incident where a limited set of job application information was accessible from Cisco’s Professional Careers mobile website,” it told us.

“We take the protection of personal data very seriously, and apologise for any concern or inconvenience this incident may have caused.”

Tom Jowitt
