Connecting to LinkedIn...

PageGroup hack exposes cybercrime risk in the recruitment sector

4 months ago by Matt Comber

W1siziisijiwmtcvmdivmdcvmtevmjmvndqvodqvynq0mwx3owk2a2mtcmlzagfiac12yxjzag5les5qcgcixsxbinailcj0ahvtyiisijiymdb4njawxhuwmdnjil0swyjwiiwib3b0aw1pemuixv0

The hacking of global recruitment consultancy PageGroup in October last year brought the issue of cybersecurity to the attention of recruitment businesses around the world. The hack saw the names, email addresses and phone numbers of 710,000 Michael Page applicants accessed by what the firm called “an unauthorised third party”.

Luckily for the users affected, PageGroup has since said that there was no malicious intent from the third party that captured the data. However, that didn’t prevent the embarrassment of PageGroup being forced to write to all of the applicants contained in the affected data, informing them of the breach.

According to research by multinational professional services network PwC, 18 percent of businesses don’t know how many cyber-attacks they’ve had in the past year and, on average, incidents can cost companies up to £2.6 million. These statistics, coupled with the fact that the recruitment industry is driven by data with each business in possession of a wealth of information on individuals, makes this sector a particularly viable target for hackers.

While recruitment businesses are becoming savvier when it comes to protecting themselves and their users from cyber-attacks, the PageGroup hacking debacle indicates that effective cyber security extends much further than you might think.

Are your partners doing enough?

In its statement about the hacking, PageGroup pointed out that illegal access was gained through a development server used by its IT provider Capgemini for testing PageGroup websites. Capgemini reportedly failed to make data on its development server anonymous, therefore leaving it wide open to hack.

For a while now, it’s been good industry practice to anonymise real data in testing environments following similar leaks that have occurred this way. So, if true, this is a grave mistake on the part of Capgemini and highlights the fundamental need for businesses to take responsibility for scrutinising the security prowess of their partners.

As a key partner to more than 350 recruiters across the globe, the team at Volcanic takes the security of our clients and the protection of their applicants’ data very seriously. It’s for this reason that 2017 will see a major drive for us on security and here are just some of the things we’ve been working on:

ISO 27001

In 2016, we were extremely proud to become the first recruitment website specialist to achieve ISO 9001. Not ones to rest on our laurels, 2017 will see us completing ISO 27001, an internationally recognised certification which will further improve our processes around data security and information management.

Improved security features

We’re always busy designing and building even more tools to keep our clients’ websites secure. For 2017, we’re launching some new features to our software including two-factor authentication, API improvements and Malware fixes to ensure that our system continues to be the most secure recruitment website platform in the world.

Keeping you informed

Our blog provides all of the latest news on security updates, changes to data legislation and practical tips on how you can get involved with monitoring and improving the security of your website. And because we’re recruitment specialists, all of the information we share is relevant and applicable to you and your business.  


For more information about how Volcanic ensures the cyber safety of our clients, you can contact our team today.