HR portal myrocket.co data breach exposes information of Indian employees: report

A data breach in HR management platform myrocket.co exposed personal information of hundreds of thousands of Indian employees and millions of job candidates  

Published - January 18, 2023 02:48 pm IST

A data breach in HR management platform myrocket.co exposed personal information of hundreds of thousands of Indian employees and millions of job candidates.

A data breach in HR management platform myrocket.co exposed personal information of hundreds of thousands of Indian employees and millions of job candidates. | Photo Credit: Reuters

HR management portal myrocket.co on Wednesday saw a data breach of 260GB that exposed personal sensitive information of employees, according to report by Cybernews.

(For insights on emerging themes at the intersection of technology, business, and policy, subscribe to our tech newsletter Today’s Cache.)

The company provides end-to-end recruitment solutions and HR services to companies in India.

The data includes sensitive and personally identifiable information like name, phone number, bank detail, parents’ names, date of birth, salary, payslip, tax information and even photocopies of personal documents like driving license and voter ID. It is estimated to have affected nearly 2,00,000 employees and almost nine million job candidates.

Researchers warn that the data might help threat actors craft targeted campaigns, assist in forgery and identity theft, and trick companies into making payments.

The data, which includes 435,000 payslips, 300 tax filings, 3,800 insurance payment documents and 21,000 salary sheets belonging to various companies using the platform, was leaked due to a misconfiguration of a newly created Kibana instance which has been fixed now.

Data of around nine million job candidates including insecurely hashed emails, phone numbers, names, home addresses and automatically generated resumes was also part of the leak.

The company has also started an internal investigation into the matter, the report shared.

However, since the data included hashed names and contact information in plain text, researchers at Cybernews shared that individuals who have been employed by the company or used myrocket.co should consider their information exposed and act accordingly.

Researchers suggest users contact government branches responsible for issuing documents and ask for the documents to be invalidated and apply for fresh documentation, monitor their bank account activities, and either change their phone numbers or take additional steps to secure leaked information.

Users are also advised to take extra care when receiving messages, especially those containing leaked information, as it could be used to launch phishing attacks.  

0 / 0
Sign in to unlock member-only benefits!
  • Access 10 free stories every month
  • Save stories to read later
  • Access to comment on every story
  • Sign-up/manage your newsletter subscriptions with a single click
  • Get notified by email for early access to discounts & offers on our products
Sign in

Comments

Comments have to be in English, and in full sentences. They cannot be abusive or personal. Please abide by our community guidelines for posting your comments.

We have migrated to a new commenting platform. If you are already a registered user of The Hindu and logged in, you may continue to engage with our articles. If you do not have an account please register and login to post comments. Users can access their older comments by logging into their accounts on Vuukle.