January 18, 2023 02:48 pm | Updated 02:48 pm IST

HR management portal myrocket.co on Wednesday saw a data breach of 260GB that exposed sensitive personal information of employees, according to a report by Cybernews.

The company provides end-to-end recruitment solutions and HR services to companies in India.

The data includes sensitive and personally identifiable information such as names, phone numbers, bank details, parents’ names, dates of birth, salaries, payslips, tax information and even photocopies of personal documents like driving licenses and voter IDs. It is estimated to have affected nearly 2,00,000 employees and almost nine million job candidates.

Researchers warn that the data might help threat actors craft targeted campaigns, assist in forgery and identity theft, and trick companies into making payments.

The data, which includes 435,000 payslips, 300 tax filings, 3,800 insurance payment documents and 21,000 salary sheets belonging to various companies using the platform, was leaked due to a misconfiguration of a newly created Kibana instance, which has now been fixed.

Data of around nine million job candidates, including insecurely hashed emails, phone numbers, names, home addresses and automatically generated resumes, was also part of the leak.

The company has also started an internal investigation into the matter, the report shared.

However, since the data included hashed names and contact information in plain text, researchers at Cybernews shared that individuals who have been employed by the company or used myrocket.co should consider their information exposed and act accordingly.

Researchers suggest users contact government branches responsible for issuing documents and ask for the documents to be invalidated and apply for fresh documentation, monitor their bank account activities, and either change their phone numbers or take additional steps to secure leaked information.

Users are also advised to take extra care when receiving messages, especially those containing leaked information, as it could be used to launch phishing attacks.