Pflegia, a German healthcare recruitment platform, has exposed hundreds of thousands of files with sensitive user data such as names, home addresses, and emails.
Scouting for a new career can be stressful. Now imagine that, instead of a new role, you find that your resume data was exposed. That’s what job seekers using Pflegia’s services are dealing with.
The Cybernews research team discovered an open Amazon Web Services (AWS) cloud storage instance, known as a “bucket,” holding over 360,000 files. The team deduced that the exposed files belonged to Pflegia.
Pflegia is a German recruitment platform that hires healthcare professionals for hospitals, nursing homes, outpatient services, and intensive care.
We’ve reached out to Pflegia to disclose the issue, and the exposed server was quickly closed to the public.
What kind of Pflegia user data was exposed?
The exposed AWS bucket held hundreds of thousands of files with sensitive information. Most of the files were user-submitted resumes with details such as:
- Full names
- Dates of birth
- Occupation history
- Home addresses
- Phone numbers
- Email addresses
Exposing this type of data, categorized as personally identifiable information (PII), poses numerous dangers to victims, since attackers can leverage it for spear phishing and identity theft.
“Exposing job seeker data exposes them to scammers masquerading as recruiters. Since attackers already have enough information on potential victims, they could easily disguise an attack as a tempting job offer,” our researchers said.
To avoid similar mishaps, the team advises companies to enable server-side encryption for existing AWS buckets, regularly check server access logs, and enhance employee training on data security.
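As an added check for the open-bucket failure mode described above (example code, not from Cybernews or Pflegia; the policy, ACL, account ID and bucket name are constructed), this Python audits the documents that S3's GetBucketPolicy, GetBucketAcl and GetBucketEncryption calls return, flagging anonymous grants and a missing default encryption rule.

```python
# Audit helpers for the "open bucket" failure mode: a bucket policy or ACL that
# grants anonymous access, and a missing default server-side encryption rule.
# Inputs are the JSON documents from GetBucketPolicy / GetBucketAcl /
# GetBucketEncryption, passed as plain dicts; the samples below are constructed.

ALL_USERS = "http://acs.amazonaws.com/groups/global/AllUsers"
AUTH_USERS = "http://acs.amazonaws.com/groups/global/AuthenticatedUsers"

def _as_list(value):
    """Policy fields may be a scalar or a list; normalise to a list."""
    return value if isinstance(value, list) else [value]

def _is_anonymous(principal):
    """True for "*" or {"AWS": "*"}, i.e. any unauthenticated caller."""
    if principal == "*":
        return True
    return isinstance(principal, dict) and "*" in _as_list(principal.get("AWS", []))

def public_policy_statements(policy):
    """Unconditional Allow statements addressed to everyone; conditioned ones need manual review."""
    found = []
    for st in _as_list(policy.get("Statement", [])):
        if st.get("Effect") == "Allow" and _is_anonymous(st.get("Principal")) and not st.get("Condition"):
            found.append({"Sid": st.get("Sid"), "Action": _as_list(st.get("Action"))})
    return found

def public_acl_grants(acl):
    """ACL grants to AllUsers or AuthenticatedUsers; either exposes objects to the world."""
    return [g for g in acl.get("Grants", [])
            if g.get("Grantee", {}).get("Type") == "Group"
            and g["Grantee"].get("URI") in (ALL_USERS, AUTH_USERS)]

def audit_bucket(policy, acl, encryption_rules):
    """Default SSE protects data at rest only; it does not stop an anonymous GET on a public bucket."""
    return {"public_policy": public_policy_statements(policy),
            "public_acl": public_acl_grants(acl),
            "default_sse": bool(encryption_rules)}

# Constructed sample: an applicant-document bucket opened to everyone by one statement.
SAMPLE_POLICY = {"Version": "2012-10-17", "Statement": [
    {"Sid": "PublicRead", "Effect": "Allow", "Principal": "*",
     "Action": "s3:GetObject", "Resource": "arn:aws:s3:::example-resumes/*"},
    {"Sid": "AppRole", "Effect": "Allow", "Principal": {"AWS": "arn:aws:iam::123456789012:role/app"},
     "Action": ["s3:GetObject", "s3:PutObject"], "Resource": "arn:aws:s3:::example-resumes/*"}]}
SAMPLE_ACL = {"Grants": [
    {"Grantee": {"Type": "CanonicalUser", "ID": "owner-id"}, "Permission": "FULL_CONTROL"},
    {"Grantee": {"Type": "Group", "URI": ALL_USERS}, "Permission": "READ"}]}

if __name__ == "__main__":
    print(audit_bucket(SAMPLE_POLICY, SAMPLE_ACL, encryption_rules=[]))
```

Server-side encryption protects data at rest only; a world-readable policy or ACL still serves objects to anyone, so the public-access findings are the ones that close an exposure like this one.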
After receiving the Cybernews email, the company initiated an investigation and engaged external experts for a thorough analysis.
Pflegia said it had been actively collaborating with the appropriate German authorities, providing them with the necessary information and cooperating fully with their investigations.
It is working closely with the authorities to ensure a comprehensive resolution of the matter.
“Additionally, we have taken immediate steps to inform and notify all affected users about the incident. We understand the concerns and potential impact this incident may have on them, and we are dedicated to providing them with the necessary support and guidance during this time,” the company said.