Cyber Incident Victim: PageGroup
Date:
Nov 2016
Location:
United Kingdom
Summary
A global recruitment firm experienced unauthorized access to its network when a hacker infiltrated a development system managed by an IT outsourcing partner, compromising job applicants' personal information including names, email addresses, encrypted passwords, telephone numbers, locations, job preferences, and optional cover messages. The intruder reportedly destroyed the accessed data upon discovery, with no evidence of malicious intent, broader dissemination, or fraudulent activity linked to the breach. While applicant CVs remained secure, the incident prompted both the recruitment company and its outsourcing provider to initiate security reviews following the unauthorized disclosure.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
In early November 2016, global recruitment firm PageGroup discovered a security breach involving unauthorized access to applicant data managed by its IT outsourcing partner Capgemini. The intrusion targeted a development system operated by Capgemini on PageGroup's behalf, with the attacker compromising personal information of job seekers. Accessed records included first and last names, email addresses, telephone numbers, geographic locations, job preferences, current employment details (when applicants applied via LinkedIn), optional cover messages, and encrypted passwords. The companies asserted the hacker exhibited no malicious intent, claiming the individual destroyed the compromised data upon discovery. PageGroup became aware of the incident on November 1 but delayed public notification until November 10, when it began alerting affected customers via email. Both organizations emphasized that no résumé documents (CVs) were accessed during the breach, limiting exposure to application metadata rather than full employment histories.
PageGroup and Capgemini coordinated their response following the November 1 detection, with forensic analysis confirming the breach originated from Capgemini's development environment. The outsourcing firm, which also handled sensitive UK government contracts, validated that no further dissemination of stolen data occurred and found no evidence of fraudulent activity stemming from the incident. While maintaining the intruder acted without criminal motives, both companies initiated comprehensive security reviews of their systems and processes. The delayed disclosure timeline—spanning over nine days between detection and customer notifications—reflected investigation periods rather than immediate public acknowledgment. PageGroup's communications to applicants outlined the specific data fields exposed but reiterated that password protections remained intact due to encryption. Capgemini's involvement as a third-party service provider highlighted supply chain vulnerabilities, though neither organization reported regulatory penalties or legal consequences directly resulting from the breach at the time of disclosure.