Why, hello Rubrik's Trello: Data protection biz leaves productivity tool open to world+dog

Rubrik's internal security controls must have taken an early summer holiday because a Trello page that listed customer case studies and their status has been open for the great unwashed to access. The data protection and management biz has used the popular collaboration tool to detail projects. It is not clear how long it was …

  1. Anonymous Coward

    Data protection business can't protect its own data

    Way to go!

    In all fairness though: I do agree that it is getting harder and harder to perform for businesses these days. At least that's my perception of it.

    On one hand you get new workers who feel they know everything because they studied and if you tell them that they actually know jack shit you're getting borderline close to facing a trial for harassment because how dare you.

    Then at the other end of the spectrum we often have governments who try to protect the rights of the employees and sometimes that can outweigh that of an employer. This is definitely an issue in Europe where firing someone can actually backfire on you. Even if you can well establish that the individual is hurting your business.

    That fluke mentioned here would definitely be reason for dismissal for me, but I guess that's not how it works anymore.

  2. Nick Ryan Silver badge

    About as good as the "training*" provider that was in the press the other week for fleecing the UK government for 'ludicrous' GDPR training: http://www.wired.co.uk/article/gdpr-parliament-house-of-commons-cost-data-protection

    Why? Because once you have a URL to their training site it's a trivial matter to manipulate the URL to see the list of other user organisations (even to access some of them), see a lot of setup details and a lot of documents that probably shouldn't be available online. Disclaimer: I didn't do anything more than change a URL and use their web server's provided directory listing, so no "hacking" required.

    Their other gem was a training module that was firmly rooted in the past decade, not working in many browsers due to the necessary popup restrictions, but at least it wasn't built using Flash. The best part: you could print a completion certificate without even completing anything!

    * Training, as in doing their best to scare organisations into further training and consultation all the while getting basic GDPR principles wrong.

  3. fnusnu

    "We take privacy very seriously"

    NO YOU FUCKING DON'T

  4. Anonymous Coward

    "Ensure privacy and integrity of protected data by limiting access to only those who need it."

    Sure you do Rubrik. Just be glad you're not publicly traded, class action suits ensue.

  5. EnviableOne

    Settings Issue

    Which admin is getting the can?
