Regus staff data exposed

Date Posted: 23 January 2020

Personal details leaked onto public Trello board

Staff training mishap
Sensitive personal data has been shared online in the latest data breach to affect a business in the UK.  

Major office space provider Regus had been recording its staff for training purposes and had compiled personal information and performance-based details on its employees. Regus’s parent company, IWG, employed the third-party mystery shopping firm Applause to carry out undercover training for them.

Set to ‘private’
The personal details of 900 Regus employees were then found published online on a public Trello board (a software-based organisation tool). This data breach comes after government and NHS departmental information had been leaked via the tool over the past few years. 

Trello boards are set to ‘private’ by default and must be manually changed to ‘public’ by the user. Safeguards do, however, exist to alert the user and confirm that the board is being made ‘public’.

As search engines index public Trello boards, anyone could, in theory, see the data. A Telegraph report found that a spreadsheet with names, addresses and job performance data was easily found on Google. 

Data exposed
Regus is said to be very concerned that a third party had published the findings of their training programme online. They took immediate action and had the content removed, but it is unknown how long the data was publicly available and whether any of the data got into the wrong hands.

The data breach was allegedly not reported to the UK’s Information Commissioner’s Office (ICO); the protocol is for companies in the UK to report any breaches to the ICO within 72 hours of detection.

Security practices
As well as Regus’s own staff, the personal details and contact details of the external researchers at Applause were also leaked. Applause is said to be changing its security practices following the incident. 

This certainly isn’t a case of blaming Trello and its security practices, but rather a strong warning for companies to reassess where and how they store their data in the future. It also poses the question of whether organisations should be using third-party software tools to store sensitive information.

Would you be worried if your work-related data had been shared online? Let us know @hyve
