Cisco finds itself in an embarrassing position this week after it admitted that one of its websites had leaked the personal details of job applicants.
The leak is especially embarrassing for the firm, as it prides itself on its security credentials. Indeed, it is a major player in the security market and earlier this year bolstered its cloud security offerings with the acquisition of CloudLock.
The leak seems to have occurred on the mobile version of its Professional Careers website, and the firm insisted only “limited” personal information was leaked.
In a letter sent to the US attorney general, Cisco said the flaw had been spotted by an independent security researcher who “discovered that a limited set of job application related-information from the Cisco Professional Careers mobile website was accessible.”
Cisco blamed the fault on an “incorrect security setup” after system maintenance had been carried out.
So what information was leaked?
Well while it didn’t involve the leak of personal banking details, the leak was about as bad as it can get, as the data included names, addresses, emails, telephone numbers, usernames, passwords, answers to security questions, education, profile information, gender, race etc.
This type of personal information of course is goldmine for criminals looking to carry out fraud or identity theft.
Even worse, this information was exposed twice. Once between August and September 2015, and then again from July to August 2016.
So not only did Cisco make this mistake twice, it also seems that it failed to encrypt the data, or hashed the passwords.
Cisco has advised people to change their login, passwords, and security questions. It has also said that users can have 90 day fraud alerts placed on their accounts.
“We do not believe that the information was accessed by anyone beyond the researcher who found and reported the issue,” said Cisco. “However, there was an instance of unexplained, anomalous connection to the server during that time, so we are taking precautionary steps.”
“In the event of information being unintentionally disclosed, we respond immediately to remedy the issue, notify the affected parties, and put additional protections in place,” Cisco told TechweekEurope via email.
“On November 2, 2016, Cisco notified users about an incident where a limited set of job application information was accessible from Cisco’s Professional Careers mobile website.” it told us.
“We take the protection of personal data very seriously, and apologise for any concern or inconvenience this incident may have caused.”
What do you know about Internet security? Find out with our quiz!
Digital transformation is an ongoing journey, requiring continuous adaptation, strong leadership, and skilled talent to…
Australian computer scientist faces contempt-of-court claim after suing Jack Dorsey's Block and Bitcoin Core developers…
OpenAI's ChatGPT gets search features, putting it in direct competition with Microsoft and Google, amidst…
New Google Maps allows users to ask for detailed information on local spots, adds AI-summarised…
US-sanctioned Huawei sees sales surge in first three quarters of 2024 on domestic smartphone popularity,…
Apple posts slight decline in China sales for fourth quarter, as Tim Cook negotiates to…