Regus sales staff data exposed after undercover job review

A woman at a desk speaks to another woman sitting near to herGetty Images

Job performance details about more than 900 employees of a major office-space provider have been published online by accident after a staff review.

Sales staff at Regus had been recorded showing researchers posing as clients around office space available to rent.

Information about the employees was later published on Trello, a task-management website.

And a spreadsheet with names, address and job performance data was found via Google by the Telegraph newspaper.

The names and addresses of hundreds of the researchers, contracted from a company called Applause by Regus parent company IWG, were also included.

This Twitter post cannot be displayed in your browser. Please enable Javascript or try a different browser.View original content on Twitter
The BBC is not responsible for the content of external sites.
Skip twitter post by James Cook

Allow Twitter content?

This article contains content provided by Twitter. We ask for your permission before anything is loaded, as they may be using cookies and other technologies. You may want to read Twitter’s cookie policy and privacy policy before accepting. To view this content choose ‘accept and continue’.

The BBC is not responsible for the content of external sites.

"Team members are aware they are recorded for training purposes and each recording is shared with the individual team member and their coach to help them become even more successful in their roles," IWG said.

"We are extremely concerned to learn that an external third-party provider, who implemented the exercise, inadvertently published online the outcomes of an internal training and development exercise.

"As our primary concern we took immediate action and the external provider has now removed the content."

Michael Pryor, co-founder of Trello said: "Trello boards are set to private by default and must be manually changed to public by the user.

"We strive to make sure public boards are being created intentionally and have built in safeguards to confirm the intention of a user before they make a board publicly visible."

The data breach has not been reported to the UK's Information Commissioner's Office.

BBC News has asked the Luxembourg data commissioner if the breach has been reported there instead and contacted Applause for comment.

An Applause spokesman said: "Since being made aware of this issue, we have reiterated our [information security] policies with our worldwide employees and have run an internal audit to confirm that there are no other unapproved third-party software tools being used in any client engagements."

21 January 2020: This story has been updated to include a statement from Trello.

More on this story