News

Published on May 21st, 2019 📆 | 6797 Views ⚑

0

Data breach exposes confidential information at IT company HCL


Text to Voice

Information
security audit
specialists reported that HCL, an important IT services company, left exposed
online the passwords of its employees, among other data, such as confidential
information related to the company clients’ projects.

According to reports, an online portal of the
company’s human resources area exposed names of newly-entered employees, usernames
for the platform, and simple text passwords. According to the company, the site
remained active during the data exposure period, compromising the accesses of
about 54 new employees.

The full profile of the compromised employees
includes information such as:

  • Employees’
    full names
  • Phone
    numbers
  • First
    day at work date
  • Recruiter’s
    SAP code

The exposed data could have been used by
malicious hackers to log into the company’s networks, access sensitive systems,
and even take control of employees’ email accounts to deploy phishing
campaigns against other HCL employees, commented the information security audit
specialists.





This incident may have exposed confidential
intellectual property of both the company and its clients; regularly, this
information is treated as trade secret, so access to information hosted by HCL
can be really useful for customers and competitors.

A spokesman for the company stated: “In
HCL we take information security very seriously. As soon as we discovered this
security incident, we took the necessary steps to resolve the problem as soon
as possible. In addition, our security teams will perform a thorough review to
know exactly what happened and prevent it from happening again. 

According to the information security audit specialists, SmartManage, an HCL portal to share information on the company’s projects with its clients was also compromised, exposing information such as:

  • Internal
    analysis
  • Productivity
    reports
  • Software
    Installation reports

Recently, specialists from the International
Institute of Cyber Security (IICS) reported a serious security incident in Wipro,
one of the largest competitors in HCL; during this incident, hackers seized the
Wipro systems to launch attacks against some of the company’s clients. For now
there is no evidence to prove that something similar happened in HCL, although
the possibility should not be ruled out.



Source link

Tagged with:



Comments are closed.






© Torchsec  Privacy Policy Disclaimer  T&C



Back to Top ↑