- Home
- News
- Articles+
- Aerospace
- Agriculture
- Alternate Dispute Resolution
- Banking and Finance
- Bankruptcy
- Book Review
- Bribery & Corruption
- Commercial Litigation
- Competition Law
- Conference Reports
- Consumer Products
- Contract
- Corporate Governance
- Corporate Law
- Covid-19
- Cryptocurrency
- Cybersecurity
- Data Protection
- Defence
- Digital Economy
- E-commerce
- Employment Law
- Energy and Natural Resources
- Entertainment and Sports Law
- Environmental Law
- FDI
- Food and Beverage
- Health Care
- IBC Diaries
- Insurance Law
- Intellectual Property
- International Law
- Know the Law
- Labour Laws
- Litigation
- Litigation Funding
- Manufacturing
- Mergers & Acquisitions
- NFTs
- Privacy
- Private Equity
- Project Finance
- Real Estate
- Risk and Compliance
- Technology Media and Telecom
- Tributes
- Zoom In
- Take On Board
- In Focus
- Law & Policy and Regulation
- IP & Tech Era
- Viewpoint
- Arbitration & Mediation
- Tax
- Student Corner
- AI
- ESG
- Gaming
- Inclusion & Diversity
- Law Firms
- In-House
- Rankings
- E-Magazine
- Legal Era TV
- Events
- News
- Articles
- Aerospace
- Agriculture
- Alternate Dispute Resolution
- Banking and Finance
- Bankruptcy
- Book Review
- Bribery & Corruption
- Commercial Litigation
- Competition Law
- Conference Reports
- Consumer Products
- Contract
- Corporate Governance
- Corporate Law
- Covid-19
- Cryptocurrency
- Cybersecurity
- Data Protection
- Defence
- Digital Economy
- E-commerce
- Employment Law
- Energy and Natural Resources
- Entertainment and Sports Law
- Environmental Law
- FDI
- Food and Beverage
- Health Care
- IBC Diaries
- Insurance Law
- Intellectual Property
- International Law
- Know the Law
- Labour Laws
- Litigation
- Litigation Funding
- Manufacturing
- Mergers & Acquisitions
- NFTs
- Privacy
- Private Equity
- Project Finance
- Real Estate
- Risk and Compliance
- Technology Media and Telecom
- Tributes
- Zoom In
- Take On Board
- In Focus
- Law & Policy and Regulation
- IP & Tech Era
- Viewpoint
- Arbitration & Mediation
- Tax
- Student Corner
- AI
- ESG
- Gaming
- Inclusion & Diversity
- Law Firms
- In-House
- Rankings
- E-Magazine
- Legal Era TV
- Events
HCL leaves employee passwords and other sensitive data exposed online
[ By Titus Manickam Rock ]HCL, an IT services giant, left passwords and other sensitive data pertaining to its employees exposed online making it available to anyone eagerly on the lookout for such critical information. Although it could not be verified if such illicit acceptance of the information was availed of, a slip of such nature is inexcusable.Information inadvertently exposed belonged...
ToRead the Full Story, Subscribe to
Access the exclusive LEGAL ERAStories,Editorial and Expert Opinion
HCL, an IT services giant, left passwords and other sensitive data pertaining to its employees exposed online making it available to anyone eagerly on the lookout for such critical information. Although it could not be verified if such illicit acceptance of the information was availed of, a slip of such nature is inexcusable.
Information inadvertently exposed belonged to the company’s Human Resource Department that contained data of new employees numbering over fifty four such employees. Information such as the candidate’s ID, mobile number, joining date, joining location, recruiter SAP code, recruiter’s name, user name, password, offer accepted and link to the candidate were exposed. By any standard, this information is enough to jeopardize information pertaining to the company’s ongoing projects or projects in the making for foreseeable future.
The exposed information had the potential to gain further access into the company’s sensitive systems or even send legitimate-looking phishing emails to others in the company or its customers. It was critical for HCL to order an enquiry into the incident to know the reason or reasons for such exposure for punitive measures and other action to ensure such incidents do not recur.
In the era of information technology, employee’s data, company’s projects, trade secrets, status of project deployments, etc. are vital and top IT entities are known to use these to poach on each other’s personnel and projects. Even cursory information about the section an employee reported to was enough to gain valuable information for competitors.
Understandably, HCL spokesperson quickly dismissed the incident as a non-starter brushing it off saying, "HCL Technologies takes data security extremely seriously. Immediately after learning of the issue we took action and resolved it quickly. Our team is in the process of conducting a thorough review to determine precisely what occurred and implement measures to ensure it does not happen again."