The service sector union Ver.di has made public an internal data leak at SAP. Sensitive information from the workforce is said to have been widely accessible. Credit: Peter Sayer/IDG With the victory in the SAP works council elections behind them, the unions are taking a confrontational stance with the software company. The Ver.di works group says it has discovered a data leak in SAP’s internal systems and is now demanding a full explanation. The leak affects the “SAP Interactive Broadcast” online service, which was developed internally and is only accessible to SAP employees and is used for employee and works council meetings. In addition to audio and video information, the service also offers the option of asking questions and voting on them, it said. These functions should be anonymous by default. However, according to the Ver.di group in the SAP Works Council, all questions and the voting behavior on them could be clearly assigned to individual persons over the years. In addition, this information was automatically uploaded to all computers participating in the meetings and was thus effectively accessible to the entire workforce. “Traceability was trivial to establish. An experienced programmer could spot the error at first glance,” states Andreas Hahn, a member of the Ver.di works council. Union representatives report that the company stopped the traceability promptly after Ver.di’s internal works group reported the matter to the internal cyber security department and recently communicated the incident internally to the workforce. However, many questions still remain unanswered. Exposing employees violates democratic principles “The employer must fully clarify the data leak incident,” said Christine Muhr, SAP corporate counsel for Ver.di. “Personal data protection must be safeguarded with the highest priority, as must the vested right to freedom of expression in companies. Where this is not guaranteed, employees effectively become people under surveillance. That would be a violation of democratic principles.” Trade unionist Hahn demands that SAP “provide full transparency to the workforce and co-determination bodies about how long this traceability was already possible and which internal events were affected.” In addition, any data that may still exist would have to be deleted in a verifiable manner and the technical details about how the service works would have to be shared with the worker representatives. SAP says data protection is a top priority SAP acknowledges that there was a privacy issue. “In this case, the alertness of a colleague enabled a theoretically possible circumvention of our security measures to be uncovered and immediately remedied,” the software company said in a statement. “Data protection is a top priority for SAP, and we respect the privacy of every individual.” Internal tools are regularly checked and kept up to date, it said. As part of this, the team members also review the relevant technical security requirements. Translated from an article published by CIO.com’s German sister publication, Computerwoche: “Hat SAP seine Mitarbeiter ausspioniert?“ Related content brandpost Sponsored by Broadcom Opening more opportunities for VMware Cloud Service Providers By Ahmar Mohammad, Broadcom VP, Partners, Managed Services, and Solutions GTM May 07, 2024 4 mins Cloud Computing news Red Hat seeks to shrink IT skills gap with Lightspeed gen AI Building on the success of Ansible Lightspeed, Red Hat will extend generative AI capabilities across its platforms, including Red Hat OpenShift and Red Hat Enterprise Linux. By Thor Olavsrud May 07, 2024 5 mins Red Hat Generative AI IT Skills feature CDOs’ biggest problem? Getting colleagues to understand their role Chief data officers face several challenges, including new demands from AI, but they must also sell the value of their jobs to coworkers unsure what CDOs do. By Grant Gross May 07, 2024 7 mins Chief Data Officer Data Governance Business IT Alignment interview SAP forecasts clarity in the cloud After customers and user groups that adopted S/4HANA early accused SAP of bait-and-switch tactics, CIO editor-in-chief in Germany Martin Bayer recently sat with Christian Klein, CEO of the multinational software company, to clear the air on cloud rea By Martin Bayer May 07, 2024 5 mins SAP Generative AI Cloud Architecture PODCASTS VIDEOS RESOURCES EVENTS SUBSCRIBE TO OUR NEWSLETTER From our editors straight to your inbox Get started by entering your email address below. Please enter a valid email address Subscribe