News Digital Media's CareerOne online employment website has launched an internal investigation into how confidential client information accidentally become publicly accessible on the internet.



The material is part of CareerOne's customer relationship management database, described by the company as "old client information".



The details include comments about clients made by CareerOne account executives, some of which are highly unflattering. In one case, a client is referred to as a "retard" and in another a client is called a "lazy good for nothing".



Every file on the master page shows the "last modified" time and date as being at "00:45:52 GMT" on Monday, May 28, 2007, suggesting that they have appeared in this visible state for almost a month.



CareerOne was not aware of the security breach until this morning when they were informed. The web page was subsequently taken down.



CareerOne said the investigation would determine how the material was exposed and who accessed it.



"The company immediately removed a URL that exposed old client information today,'' a spokesperson said in a statement. "We take security and privacy issues extremely seriously and are currently reviewing our practices as a matter of urgency.''



The statement said the company "will not tolerate comments made by the account executives responsible and apologises for any offence or embarrassment that this may have inadvertently caused''.



None of the exposed details were from individual job seekers. They all related to organisations seeking to hire employees.

Although clearly unintentional, the bungle almost certainly breaches the Commonwealth's National Privacy Principles in the Privacy Act 1988 which relates to the handling of personal information.