Costa Coffee applicant data exposed in mega breach

Costa Coffee applicant data exposed in mega breach

Details of Costa Coffee and Premier Inn job applicants have been exposed following a mega data breach affecting their online recruitment system.

Whitbread - the firm that owns Costa Coffee, Premier Inn and Beefeater - was affected by a breach to its recruitment provider, Australia’s PageUp.

Whitbread said on Monday that “there is a possibility” that any data submitted in the course of recruitment “may have been accessed and could potentially (in combination with other information) be used for identity theft”.

Last month, PageUp suffered a data breach in which tens of thousands of applicant’s names, addresses, email addresses, telephone numbers, genders, birth dates, and details of their referees were exposed.

It’s believed that the personal information of Whitbread applicants is also at risk.

Whitbread said that it suspended the use of PageUp as soon as it became aware of the incident, preventing current applicants from uploading their data into the system.

A Whitbread spokesman told Computer Business they are not disclosing the number of applicants potentially affected.

It employs around 50,000 UK staff across its brands.

The company has communicated the data risk to its applicants in an email, as reported by the Irish Times: “At Whitbread we take protecting your data very seriously and we are very sorry that this has happened.

“We choose our partner organisations very carefully and take every possible step to ensure your data is always kept secure."

"We value all our job applicants and we want to repeat that we are very sorry that this has happened.”

They have advised those potentially affected to change the password they used if it was the same as on other online services.

From our content partner

PageUp, a $30million turnover company, suffered from a suspected coordinated attack in late May.

PageUp’s IT systems in Australia, Singapore and the UK were affected, with the company notifying customers on 1 June.

The Australian Information Commissioner and the UK Information Commissioner’s Office (ICO) have been informed.

Have you enjoyed this piece?

Subscribe now to myGrapevine+ and get access to exclusive new content, and the full content archive.

Be the first to comment.

You are currently previewing this article.

This is the last preview available to you for 30 days.

To access more news, features, columns and opinions every day, create a free myGrapevine account.