CareerOne CRM Mishap Exposes Client Details
June 26, 2007: An embarrassing data breach has come to light at job website CareerOne, with the site’s customer relationship management (CRM) database containing detailed client information and a range of unflattering comments made public on the internet.
A now-disabled link on careerone.com.au gave public access to a database of 485 clients – not jobseekers – and their login details, and to another with 5188 potential clients including their full names, addresses and telephone numbers.
If the exposure of client details wasn’t enough though, the database also includes notes by CareerOne case workers on their dealings with clients, some of which go so far as to call difficult clients “good for nothing” and one a “retard”.
According to The Sydney Morning Herald, the information dates back to early 2000 and was altered as recently as the 27th of May, leading to speculation that the information could have been exposed online for at least the best part of a month.
News Digital Media has launched an internal investigation to ascertain how the sensitive client information became accessible via an unsecured web address, claiming in a statement that it “will not tolerate comments made by the account executives responsible” and apologising for any offence or embarrassment the breach has caused.
“The company immediately removed a URL that exposed old client information today,” said a spokesperson in a statement according to the SMH. “We take security and privacy issues extremely seriously and are currently reviewing our practices as a matter of urgency.”
Review or not and disregarding action by angry clients, News Digital Media could already be in a spot of bother as this mishandling of personal information is likely to have breached the Commonwealth's National Privacy Principles in the Privacy Act 1988.