[ By Titus Manickam Rock ]HCL, an IT services giant, left passwords and other sensitive data pertaining to its employees exposed online making it available to anyone eagerly on the lookout for such critical information. Although it could not be verified if such illicit acceptance of the information was availed of, a slip of such nature is inexcusable.Information inadvertently exposed belonged...
HCL, an IT services giant, left passwords and other sensitive data pertaining to its employees exposed online making it available to anyone eagerly on the lookout for such critical information. Although it could not be verified if such illicit acceptance of the information was availed of, a slip of such nature is inexcusable.
Information inadvertently exposed belonged to the company’s Human Resource Department that contained data of new employees numbering over fifty four such employees. Information such as the candidate’s ID, mobile number, joining date, joining location, recruiter SAP code, recruiter’s name, user name, password, offer accepted and link to the candidate were exposed. By any standard, this information is enough to jeopardize information pertaining to the company’s ongoing projects or projects in the making for foreseeable future.
The exposed information had the potential to gain further access into the company’s sensitive systems or even send legitimate-looking phishing emails to others in the company or its customers. It was critical for HCL to order an enquiry into the incident to know the reason or reasons for such exposure for punitive measures and other action to ensure such incidents do not recur.
In the era of information technology, employee’s data, company’s projects, trade secrets, status of project deployments, etc. are vital and top IT entities are known to use these to poach on each other’s personnel and projects. Even cursory information about the section an employee reported to was enough to gain valuable information for competitors.
Understandably, HCL spokesperson quickly dismissed the incident as a non-starter brushing it off saying, "HCL Technologies takes data security extremely seriously. Immediately after learning of the issue we took action and resolved it quickly. Our team is in the process of conducting a thorough review to determine precisely what occurred and implement measures to ensure it does not happen again."