CDU applicant data leak: those affected should be informed promptly
The CDU has reported the data leak in its applicant portal to the Berlin data protection authority. Those affected are now to be informed.
(Image: Electric Egg/Shutterstock.com)
On Friday, the CDU notified the Berlin data protection supervisory authority responsible for its party headquarters of a data leak within the 72-hour deadline and now wants to inform those affected promptly.
At the beginning of June, heise online informed the CDU of an error in the configuration of a Drupal configuration used for applications and contacted the Berlin state data protection authority at the same time. After the platform was shut down, heise online published the report. At this point, a link to the report, which had been brought to the attention of heise online, had already been circulating on relevant websites for several days.
According to the official notification from the Christian Democratic Union of Germany to the Berlin data protection commissioner, "the first and last names of around 3,500 people were publicly visible due to errors in the development or configuration of the software", a spokesperson for the authority said on request. As reported by heise online, this concerns "applicants for job advertisements at the CDU federal office and branches who have registered on the application portal since 2016."
CDU application portal, still switched off
On Tuesday afternoon, the Drupal instance at jobs.cdu.de was still down, with a maintenance mode page displayed instead. "As far as we know, the person responsible intends to notify those affected in the near future and we also consider this to be necessary," said the spokesperson for the Berlin data protection officer. A test account set up by heise online has not yet received any notification.
The state data protection commissioner is currently examining the measures taken by the party in the case of both the applicant leak and the politically much more sensitive hacker attack on the CDU. A further examination of the CDU's data protection measures as a whole could also be the result of these initial audits.
Considering the current IT problems in the Konrad Adenauer House, however, the fear of possible measures by the data protection supervisory authority is probably the least of the party leadership's worries at present.
(olb)
