Member details exposed following web admin error

The personal details of up to 2,200 French cybersecurity professionals may have been compromised following a data security oversight at CLUSIF, a Paris-based information security society.

In a statement published yesterday, CLUSIF president Jean-Marc Grémy said that “files of personal data relating to [our] members could have been consulted by third parties via search engines”.

“It is not an act of malicious intent, a human error has been committed in the management of our website,” he added.

According to local media reports, details of 2,200 society members were exposed.

To gain access to the dataset, reports said, a user simply needed to conduct a browser search with the keywords ‘clusif’ and ‘csv’, suggesting that the leak could have resulted from a misconfigured cloud storage bucket.

After being alerted to the incident, CLUSIF’s technical team immediately implemented corrective measures, Grémy said.

The Daily Swig has reached out to the association for further details.

Club de la sécurité

Founded more than 35 years ago, CLUSIF (Club de la sécurité de l’information français) is a non-profit IT organization that counts France-based CISOs and other security professionals among its members.

The society aims to promote industry best practices through conferences, working groups, and publications.

Given the organization’s focus on security, this data exposure incident is likely to leave CLUSIF’s management more than a little red-faced.

That said, the non-profit was quick to act on the issue, alerting both its members and the French privacy regulator, the Commission nationale de l’informatique et des libertés, within 24 hours.

“This happens even to the most sophisticated [of organizations],” one French-speaking CISO said of the incident, adding that CLUSIF’s response was “a good example of transparency”.