-
I used to work for a large consultancy based out of NL and they did a similar thing for all staff. -
I worked at a UK based big US bank. They kept all contractors details including rate on the general drive on an unprotected Excel spreadsheet in a folder call 'Contractors.'Leave a comment:
-
Sounds to me like they have some form of security, where as you need to have an account within their network. So, open to the big wide world might not be the case.Originally posted by C0ntractor View Post
However, if you can view everything internally, that should be raised with their internal systems team. It is also worth checking that your account isnt a member of some administration group to complete your job. But if you are asking on here about that, I would imagine your role doesn't work around permissions, or you would be already blocking access
Leave a comment:
-
Seems clear he is on their network if he can access their intranet?
Regardless, still shocking that info is exposed for anyone on the intranet to sniff through.Leave a comment:
-
I accessed the intranet portal from outside of the network using my credentials. The site was accessed lawfully but there are no security permissions set on any of the information/folder structure.
My contract with these guys is potentially coming to an end in a month or so...Leave a comment:
-
The question I would ask is did you access their intranet from their network or an external network?
If the later then there is clearly a breach of access if the former then you may want to consult their code of connection for contractors as it may be your account has the correct permissions to view said records.
my 2 centsLeave a comment:
-
I'd let them know first, and make sure they report it to the Information Commissioners Office - by law they have to report every data protection breach, and this sounds like a fairly serious one!Leave a comment:
-
Contact them and ask them if they're aware that they've exposed the contents of their database to the entire world?
Or if you're not feeling helpful, contact a journalist.Leave a comment:
-
Employer holding masses of contractor data with no security - Advice?
This is a bit of a weird one. I contract through a large well known service provider who deal with many contractors and clients in the UK. Today they sent me a newsletter with links to their intranet, which I've never seen before.
I decided to have a browse and out of curiosity I decided to search for myself to see what came up. To my horror ALL of my correspondence, including contracts, rates etc appeared in the search results and I was able to freely access and view these. Worse than that the site lets me browse directories and I can see (although I've not viewed) all the data for 100's of contractors, pretty much any info I require, rates, personal info, contracts etc.
I'm amazed that this data is so easily accessed and can be seen by anybody. Obviously I'm not happy that contract information can be accessed by anyone, I thought I'd first ask for some advice on here on how I should approach this.
Thoughts?
Leave a comment: