Datalek at Randstad: to view private data of job seekers

In half an hour, RTL Z managed to see seven different profiles. The leak was discovered by security researcher Dennis Veninga of Networking4all, which Randstad pointed out. The leak was repaired in a few hours

Refresh

Randstad temporarily posted profiles of jobseekers. According to the company, this was due to an error in the download function of your profile. An evening update was made Wednesday night that caused this problem, reports Randstad. By refreshing the page, you get a new profile from a job seeker every few minutes.

This profile included the full name, home address, date of birth, email address, mobile phone number, desired positions, salary, experience of work and education. With this type of data, it is possible to commit an identity fraud

Surprised

It is unclear how many job seekers appear in the data breach. According to Randstad, a maximum of nine profiles have been recognized by an unauthorized person, but he can not exclude that more profiles have appeared open and exposed on the Internet. An attacker could then write a so-called script to automatically collect all this data and sell or abuse it.

Veninga discovered the leak when he wanted to remove his Randstad profile. "To my surprise, I discovered the details of another candidate, and after clicking several times on renewals, I was presented again with data from another candidate , this time again a random person. "

" We find this very boring for people who are running into the leak, "says a Randstad spokesperson against RTL Z." That should not have happened arrive, and we regret the situation. "

The leak is due to privacy An agent of Randstad reported to the Dutch Data Protection Authority. People whose data has been exposed on the Internet are personally informed by Randstad.