The parent company of Costa Coffee, Whitbread, has been the subject of a data breach which has seen personal information of job candidates exposed.
A cyber attack was carried out on Whitbread’s recruitment agency, PageUp, potentially leaving data including home address, email address, telephone number, maiden name, date of birth, and country of residence open to data thieves.
The intrusion first hit on May 23 however it only realised on May 28 that a malware attack had occurred. Last month the company confirmed there was no longer an active threat on the system, and said it had notified the UK Information Commissioner’s Office regarding the data breach, however it is unclear when Whitbread and other clients became aware of the incident.
Costa applicants hit by the breach, including some who claim they applied years ago, have confirmed on Twitter they were sent an email by Whitbread telling them their data had been exposed. Some have also claimed the breach has led to “spam calls”.
lol, fml. I applied for a job at Costa a couple of years back, and just got an email out of the blue saying that my data might been compromised 🙃 pic.twitter.com/3s3hPZSWhP
— matt🔔 (@mbellgb) July 2, 2018
So i just had an email saying that Whitbread, the owners of @CostaCoffee have had a breach on their recruitment site and leaked my personal data, im genuinely shocked, no wonder i keep getting spam calls and things, it awful! 😭 https://t.co/5FsKuJ64T2
— Katie Lothian (@LothianKatie) July 2, 2018