Kenexa is being sued (again). Elance, an IT and contract outsourcing firm, has been hacked, and user information stolen. And just in the nick of time, Cytiva is out with a white paper on (what else) ATS SaaS security.
Now, the details.
TechCrunch, the business blog about the tech industry, reports that outsourcer Elance had user information stolen via a security hole on its website.
Elance sent emails to its users alerting them to the hack and reassuring them that though name, email address, telephone number, city location, and Elance login data was stolen, no financial, Social Security numbers or credit card information was compromised.
Elance facilitates connections between information contractors and companies needing project help. Employers post jobs or RFPs and can also search the list of profiles to find a match. Professionals can bid on jobs. Elance collects a percentage for facilitating the match and handling the payments. Technical work predominates, but there are opportunities for marketers, contract sales, public relations and editorial and design workers.
Elance didn’t say how many records were stolen. The disclosure, though, comes at a time when TechCrunch has been in the news over its release of internal Twitter documents that it was sent by a hacker who gained access to an emplyee’s account.
With hacks making the news, it’s serendipitous that HR software provider Cytiva has come out with a white paper dealing with ATS security. (You may know the company better as the maker of SonicRecruit.)
The report understatedly admits that, “Despite all the benefits of SaaS applicant tracking systems, there have been a few bumps in the road with regard to data security.” It then goes on to mention three incidents, including the infamous Monster hack of August 2007.
“When it comes to HR data in general, since early 2006,” the report notes, “There typically have been four to six media accounts of HR data breaches per month, according to consulting firm HR Privacy Solutions.”
What’s particularly refreshing about this white paper is that it’s not a sales job for SonicRecruit. The paper actually offers helpful information for HR professionals concerned about the security of their system. (If you aren’t, you should be, especially if you use a SaaS-provisioned system.)
You may already be thinking about changing passwords and making sure the vendor has a tech staff that monitors the system for, among other things, suspicious activity. But would you think to ask your vendor about the physical security at the server site? Get the paper and you will.
First sued in June on allegations it didn’t disclose certain information it should have, Kenexa has now been sued by a second law firm sponsoring a second class action.
A legal piling on, the new suit by Barroway Topaz Kessler Meltzer & Check, LLP, repeats the same claims as the first: That in the summer and fall of 2007 Kenexa officials knew, but failed to report, that one of their bigger RPO customers wanted out of its contract; that sales cycles were lengthening, which meant revenue growth would be curtailed; that international sales were suffering; that financial controls needed improvement, and; because of that company executives had no reasonable basis for making the claims they did about Kenexa’s financial well-being.
The press release issued by the law firm doesn’t say how much is being sought by way of recovery. But based on the number of shareholders and the stock price differentials, it’s at least into the eight figures. (The stock price dropped by about a third on the day in 2007 when Kenexa released its quarterly financial report.)
Kenexa didn’t respond to a request for comment in June and hasn’t so far this time, either.
One coincidence that will at least make these cases “green” in the environmental sense: Kenexa and the two law firms are all in Pennsylvania, though, fittingly, Kenexa is at the western end and the lawyers are in the east.