LEAKS IN COFFEE SHOPS normally result in spilt foam and third-degree burns, but not in Costa Coffee's case, where it resulted in data belonging to employees and job applicants being exposed.
The details of existing and wannabe Costa Coffee baristas, or whatever the company calls them, were nicked after an online recruitment system belonging to the firm's parent company Whitbread was breached.
The system is run by Aussie recruitment software company PageUp. The breach took place last month and saw names, email addresses, phone numbers, physical addresses and employment information exposed.
"Forensic investigations have confirmed that an unauthorised person gained access to PageUp systems," explained PageUp. "Although the incident has been contained and PageUp is safe to use, we sincerely regret some data may be at risk."
While PageUp is still investigating the incident, it currently appears to be quite confident that the data breach isn't a biggie.
"For those employees who currently or previously had access to a client's PageUp instance, current password data is protected using the robust password hashing algorithm, bcrypt, which includes salts, and therefore is considered to be of very low risk to individuals," the company said, suggesting that some employees change their passwords if they haven't done so since 2007.
"Password data for applicants was protected using industry best practice techniques, including hashing and salting and therefore evaluated as a very low risk.
"Importantly, we are confident that the most critical data categories including resumes, financial information, Australian tax file numbers, employee performance reports and employment contracts are not affected in this incident."
While PageUp may be confident in its security, there's no getting away from the fact it was hacked. And hospitality hacks appear to be in vogue, as Premier Inn, also owned by Whitbread, and competitor Travelodge both suffered data breaches this week.
Both hotel firms saw customer data pilfered in separate breaches. Travelodge's saw its data spilt after Typeform, a third-party company that handles the hotel's customer competitions and surveys, suffered a breach.
Whitbread confirmed to us that Premier Inn's security slip-up was linked to the same PageUp hack as the one that affected Costa Coffee.
It appears, as ever, businesses really need to take an extra dollop of scrutiny when it comes to security, and it's probably best to have systems in place to handle data breaches if and when they happen as GDPR fines aren't exactly light on the pocket. µ