A database containing 260GB of sensitive personal data from myrocket. co, which provides end-to-end recruitment solutions and HR services to Indian businesses was left publicly accessible on the internet.
The incident affected nearly 200,000 employees and almost nine million job seekers.
The issue was caused by a misconfiguration and the company fixed the issue upon notification.
The exposed data included employees’ names, taxpayer information, personal identification numbers, emails, phone numbers, bank details, parent names, dates of birth, salaries, employee roles, insurance, tax information, work contracts, addresses, and even photocopies of personal documents such as driving licenses or voter IDs.
Source: https://heimdalsecurity.com/blog/data-leaks-how-an-hr-platform-left-employees-private-data-exposed/
"id": "ROC20818123",
"linkid": "rocket-app",
"type": "Data Leak",
"date": "12/2022",
"severity": "85",
"impact": "3",
"explanation": "Attack with significant impact with internal employee data leaks"