Skip to main content

Regus data breach sees staff performance data published online

(Image credit: Image source: Shutterstock/Ai825)

Personal details, as well as professional performance, of more than 900 employees of Regus have been published online after a mishap following staff review.

The media are reporting that the major office space provider had been recording its staff, with the help of mystery shopping firm Applause, for the sake of training and improving the performance of the employees. The details were subsequently published on Trello, a Kanban-style list-making application.

The Telegraph is saying that a spreadsheet with names, addresses and job performance data was easily found via Google.

"Team members are aware they are recorded for training purposes and each recording is shared with the individual team member and their coach to help them become even more successful in their roles," Regus owner IWG said.

"We are extremely concerned to learn that an external third-party provider, who implemented the exercise, inadvertently published online the outcomes of an internal training and development exercise. "As our primary concern we took immediate action and the external provider has now removed the content."

According to the BBC, the data breach wasn’t reported to the UK's Information Commissioner's Office (ICO). Applause, on the other hand, said it’s changing its security practices following the incident:

"Since being made aware of this issue, we have reiterated our  policies with our worldwide employees and have run an internal audit to confirm that there are no other unapproved third-party software tools being used in any client engagements."