A researcher was able to access users' job application information from the Cisco Professional Careers mobile website, prompting an incident response alert.
A researcher was able to access users' job application information from the Cisco Professional Careers mobile website, prompting an incident response alert.

Cisco Systems has notified users of its Cisco Professional Careers mobile website of accidental data exposure, after an independent security researcher was able to access job application information from the site.

In a Nov. 2 incident response alert posted online, the Santa Jose-based tech company attributed the data leak to faulty security settings following system maintenance on a third party's website. The incorrect settings were in place from August 2015 and September 2015 and from July 2016 to August 2016.

Cisco responded to the potential data breach scenario by initiating a password reset and disabling security questions used for password access. In its notice, the company said it does not believe the information was accessed by outsiders other than the researcher. However, a ZDNet report noted that Cisco, in its breach notification to the California Department of Justice, did disclose “an instance of unexplained, anomalous connection to the server” during the time the data was exposed.