Security lapse at CLUSIF result in the leak of personal details of its 2,200 members

• Personal data relating to the members could have been consulted by third parties via search engines.
• The organization has informed the National Commission for Informatics & Liberties and their members about the incident.

The CLUSIF, a Paris-based information security society, has accidentally exposed the personal details of up to 2,200 cybersecurity professionals. Although the information leaked in the incident is unknown, the firm has started an investigation to access the loss.

Information exposed on search engines

In a statement published by the society, CLUSIF president, Jean-Marc Grémy said that files of personal data relating to the members could have been consulted by third parties via search engines.

“It is not an act of malicious intent, a human error has been committed in the management of our website,” Grémy added.

Explaining more on the incident, Grémy said that a user could conduct a browser search using keywords such as ‘clusif’ and ‘csv’ in order to gain access to the dataset. Meanwhile, it is also believed that a misconfigured cloud storage bucket could also be another reason for this data leak.

The firm has started working on the issue. It is planning to increase the security of its services.

We place the highest importance on data protection and continually strive to maintain the security of our services. This situation does not reflect the work of the staff and volunteers of our association.

The organization has informed the National Commission for Informatics & Liberties and their members about the incident.