Wrongly configured security settings in a Cisco portal used for job applications has resulted in the leak of personal data online.
The networking vendor told affected individuals that a "limited set of job application related information" had been exposed due to botched settings in the mobile version of its professional careers website.
It said the issue arose after an "incorrect security setting" was made following system maintenance. The settings were in place from August to September 2015 and July to August this year.
Cisco said data leaked included names, physical and email addresses, education and work history, cover letters, resumes, passwords and phone numbers, and potentially gender, race, and disability information.
It claimed there was no evidence of unauthorised access other than by the unidentified security researcher who reported the leak, but admitted it had discovered an "instance of unexplained, anomalous connection to the server" during the months the incorrect settings were in place.
Cisco said [pdf] it had immediately corrected the settings and reset user passwords upon discovering the leak.
It is advising applicants to change their login credentials and responses to security questions if they have reused the details on other sites.
iTnews Executive Retreat - Security Leaders Edition
_(1).jpg&h=140&w=231&c=1&s=0)
