Data breach exposes personal info of jobseekers

More than 6,000 CVs and covering letters allegedly surfaced online

Data breach exposes personal info of jobseekers

A recruitment firm working for Australian real estate network First National has been linked to an incident of data breach after thousands of CVs and covering letters from candidates were allegedly leaked online.

The recruitment agency Sales Inventory Profile reportedly handled candidate screening for First National, collecting personal information and requiring jobseekers to upload their CV in the process.

A data breach allegedly exposed the full names, addresses, educational background, and employment history of job candidates, according to Gareth Llewellyn, an information security specialist for Brass Horn Communications, who first detected the leak.

Llewellyn said he found an indexed Amazon S3 bucket that contained more than 6,000 CVs and covering letters.

First National denied responsibility for the breach and said it was “dependent upon” Sales Inventory Profile to follow necessary security protocols.

“We are working with our affected offices, and more importantly, any applicants that have been affected,” said Ray Ellis, CEO at First National. The company said it has notified the Office of the Australian Information Commissioner.

HRD has reached out to Sales Inventory Profile for comment.

PageUp, another talent management software company based in Australia, also suffered a data breach last year when malicious activity was discovered on its IT system.

The malware attack exposed the personal data of thousands of jobseekers who used the recruitment site, HR Tech News reported in June.