Co-working company Regus suffers massive data breach

Incredible as it may seem, human oversight remains the leading cause of incidents affecting the protection and security of companies’ employee and client data.

The most recent such error occurred at Regus, whose sales staff was the subject of labor performance research. This seemed like a conventional process, until the personal information collected during this exercise was entered into a spreadsheet and published on Trello, a project management platform.

To the surprise of Regus human resources staff, a Telegraph journalist found the spreadsheet using a conventional web browser; the exposed file contained names, addresses and the results of the company’s employee evaluation. The spreadsheet even contained the data of some of the people who collaborated in the research by posing as potential customers.

For its part, the company’s data protection team issued a statement: “Our team members are aware that they are monitored for training purposes. We have received a troubling report regarding external access to this data, an incident that resulted in the publication of this information on a public platform.”

Regus immediately notified Trello’s team, which removed the exposed material immediately. However, the problems will not end here, as the incident must be reported to the UK Information Commissioner’s Office (ICO), currently run by Elizabeth Denham.

Finally, Applause, a company hired to carry out the evaluation of Regus personnel, issued a statement: “We have conducted an internal audit to rule out the possible presence of some third-party software operating stealthily in our networks. Finding no evidence of malicious activity, we concluded that the incident occurred due to carelessness.”

Although the amount of personal information compromised in this incident is not especially large, data protection specialists from the International Institute of Cyber Security (IICS) point to the worrying number of information exposure incidents caused by simple oversights on the part of the staff in charge of managing these implementations. In the most serious cases, these incidents can leak highly sensitive information from hundreds of thousands, or even millions, of users of online services and platforms.