Recruitment firm PageGroup victim of 'lone hacker' attack
A "lone hacker" has broken into the network of recruitment firm PageGroup, accessing personal details of UK customers, the company has said.
The recruitment agency said its IT provider Capgemini discovered "unauthorised entry" to its servers by a "third party", with the records of more than 700,000 customers globally then being accessed - including names, email addresses and telephone numbers.
PageGroup said in a statement the breach took place on October 31. Customers were not alerted to the incident until November 10 when an email was sent to users.
The firm is yet to comment on the reason for the delay but has said it does not believe the attack took place with "malicious intent".
"We requested that the third party destroys all copies of the data and they have confirmed that they have already done so," the company said in a statement.
There have been reports the breach was carried out by a so-called "ethical hacker" - attackers who breach the security of company websites and then inform those involved as a way of advertising better cyber security.
Hacking group OurMine has publicly accessed the social media accounts of several high-profile figures, including Mark Zuckerberg and Google chief Sundar Pichai, in an attempt to promote better password security.
PageGroup said their website was quickly secured following the breach.
"After verifying the nature and credibility of the risk, Capgemini immediately locked down access to the affected areas on the morning of November 1."
PageGroup also said other information accessed included a user's location and job search information.
"Due to the nature of the data, there is a limited risk of fraudulent activity for those affected. We can also confirm that no other data has been compromised.
"All of the individuals affected have been sent an email which details the level of information that was accessed. We are working closely with Capgemini to investigate how this incident occurred.
"We are also working hard to put measures in place to ensure that an incident of this nature does not happen again.
"We are deeply disappointed that this breach occurred and wish to apologies to those affected."