Regus sales staff data exposed after undercover job review
Job performance details about more than 900 employees of a major office-space provider have been published online by accident after a staff review.
Sales staff at Regus had been recorded showing researchers posing as clients around office space available to rent.
Information about the employees was later published on Trello, a task-management website.
And a spreadsheet with names, address and job performance data was found via Google by the Telegraph newspaper.
The names and addresses of hundreds of the researchers, contracted from a company called Applause by Regus parent company IWG, were also included.
"Team members are aware they are recorded for training purposes and each recording is shared with the individual team member and their coach to help them become even more successful in their roles," IWG said.
"We are extremely concerned to learn that an external third-party provider, who implemented the exercise, inadvertently published online the outcomes of an internal training and development exercise.
"As our primary concern we took immediate action and the external provider has now removed the content."
Michael Pryor, co-founder of Trello said: "Trello boards are set to private by default and must be manually changed to public by the user.
"We strive to make sure public boards are being created intentionally and have built in safeguards to confirm the intention of a user before they make a board publicly visible."
The data breach has not been reported to the UK's Information Commissioner's Office.
BBC News has asked the Luxembourg data commissioner if the breach has been reported there instead and contacted Applause for comment.
An Applause spokesman said: "Since being made aware of this issue, we have reiterated our [information security] policies with our worldwide employees and have run an internal audit to confirm that there are no other unapproved third-party software tools being used in any client engagements."
21 January 2020: This story has been updated to include a statement from Trello.