On Monday 31 October at 9.30pm (UK time), our IT vendor Capgemini was alerted to an incident involving unauthorised entry to our servers by a third party. This was brought to our attention by an independent technology expert who had been contacted by the third party.
We know that the records of 711,000 candidates was accessed, with candidate data relating to the following countries – China, Netherlands and the UK. To clarify, the affected countries are purely as listed – China, Netherlands and the UK. We are confident no data records from Australia and New Zealand were downloaded.
After verifying the nature and credibility of the risk, Capgemini immediately locked down access to the affected areas on the morning of 1 November 2016.
The data accessed relates to candidates only and contains identifying information with the following fields:
- First name
- Last name
- Email address
- Telephone number
- The sector you told us you work in
- The sub-sector you told us you work in
- Job type
- Password – please note this is encrypted and not readable by any third-party
- Current job (only when applying via LinkedIn)
- Your covering message (optional field)
Due to the nature of the data, there is limited risk of fraudulent activity for those affected. We can also confirm that no other data has been compromised.
All of the individuals affected have been sent an email, which details the level of information that was accessed. We are working closely with Capgemini to investigate how this incident occurred. We are also working hard to put measures in place to ensure that an incident of this nature does not happen again.
We are deeply disappointed that this breach occurred and wish to apologise to those affected.
We do not believe that the unauthorised access was carried out with any fraudulent or malicious intent. We requested that the third-party destroys all copies of the data and they have confirmed that they have already done so.
Any candidates or clients concerned about the issue can contact us at [email protected]