Detailed information about the job performance of more than 900 Regus employees was accidentally published online after the co-working space provider conducted a review of its sales staff. 

Regus owner IWG commissioned the mystery shopping business, Applause, to audit its sales staff through covert filming using "spy pens" fitted with miniature cameras. The employee performance data was compiled into a spreadsheet listing the names and work addresses of hundreds of Regus sales managers along with reviews of their performance. 

However, the employee performance data was published to a page on the task management site Trello, which had been made public, allowing the files to leak into Google search results. According to the Telegraph, this was apparently due to accidentally setting the Trello board to 'public'. 

After learning of the incident, Regus took immediate action and removed the content from the external provider's site. A Regus spokesman claims that the company has "run an internal audit to confirm that there are no other unapproved third-party software tools being used in any client engagements."

NNT CTO Mark Kedgley recently told SC Media UK, "The GDPR teeth are already biting, with over €100 m (£83 m) in fines already issued across the EU since the 2018 legislation came into action. In the UK, it seems the ICO are still using fines sparingly to maximize the impact when they do, with BA made an example of last year with the threat of a £183 m fine for their security lapse." 

"The message to all businesses operating within the EU region is clear: breaches involving the exposure of personal information will cost you financially and in customer trust. The best advice is to review your internal security operations against the CIS Controls to maximize cyber defenses, and always make use of encryption where possible for personally identifiable information as a backstop, so that even in the event of a breach, the data is unusable."

Studies show that the majority of security incidents occur when the first six CIS Controls are lacking or are poorly implemented. That's why we've teamed up with the Center for Internet Security (CIS) to host a webinar detailing the first six CIS Controls - also called the Basic CIS Controls

Join us on Thursday, February 20 for our webinar and learn: 

- What are the first six CIS Controls?

- What are the CIS Controls implementation groups and which group does your organization fit in? 

- Where to start and what shortcuts to take?

Click here to register 

Read the full article here Regus suffers staff data breach via third party 

The Most Powerful & Reliable Cybersecurity Products
Contact Us

USA Offices

New Net Technologies LLC
4850 Tamiami Trail, Suite 301
Naples, Florida, 34103

New Net Technologies LLC
1175 Peachtree St NE
Atlanta, Georgia, 30361.

Tel: (844) 898-8358
[email protected]


UK Office

New Net Technologies Ltd
The Russell Building, West Common
Harpenden, Hertfordshire

Tel: 020 3917 4995
 [email protected]

SC Magazine Cybersecurity 500 CSGEA Winners 2021 CIS benchmarking SEWP Sans Institute Now Certified IBM Security
Copyright 2021, New Net Technologies LLC. All rights reserved. 
NNT and Change Tracker are registered trademarks of New Net Technologies LLC.
All other product, company names and trademarks are the property of their respective owners.