Worlds largest youth run agency exposes 4 million intern applications on Elasticsearch server- Comment

It has been reported that AIESEC, labelled as the “world’s largest youth-run organisation,” has been found to have exposed over four million intern applications, which contain sensitive and personal information, after failing to apply a password onto an Elasticsearch server.

The database contained “opportunity applications” contained the applicant’s name, gender, date of birth, and the reasons why the person was applying for the internship.

Full story here:

Commenting on the news is Jonathan Deveaux, Head of Enterprise Data Protection at comforte AG:

“Merry belated Christmas, millennials. By the way, your data was exposed… Of the 4 million intern applications unprotected, a company rep claims only 40 of the records were actually exposed.

No matter what the count is, it just goes to continue prove a major point… companies all around the world are not all protecting personal data. When writing personally identifiable information on to a database or file, organizations need to do more. Even just following the basics sometimes, would help. Even though this company is a Non-profit organization, GDPR fines may still apply.  If “Taylor Smith” was tokenized and protected as “FSLIDB ZPMDQ” we wouldn’t be having this issue.”