The service sector union Ver.di has made public an internal data leak at SAP. Sensitive information from the workforce is said to have been widely accessible. Credit: Peter Sayer/IDG With the victory in the SAP works council elections behind them, the unions are taking a confrontational stance with the software company. The Ver.di works group says it has discovered a data leak in SAP’s internal systems and is now demanding a full explanation. The leak affects the “SAP Interactive Broadcast” online service, which was developed internally and is only accessible to SAP employees and is used for employee and works council meetings. In addition to audio and video information, the service also offers the option of asking questions and voting on them, it said. These functions should be anonymous by default. However, according to the Ver.di group in the SAP Works Council, all questions and the voting behavior on them could be clearly assigned to individual persons over the years. In addition, this information was automatically uploaded to all computers participating in the meetings and was thus effectively accessible to the entire workforce. “Traceability was trivial to establish. An experienced programmer could spot the error at first glance,” states Andreas Hahn, a member of the Ver.di works council. Union representatives report that the company stopped the traceability promptly after Ver.di’s internal works group reported the matter to the internal cyber security department and recently communicated the incident internally to the workforce. However, many questions still remain unanswered. Exposing employees violates democratic principles “The employer must fully clarify the data leak incident,” said Christine Muhr, SAP corporate counsel for Ver.di. “Personal data protection must be safeguarded with the highest priority, as must the vested right to freedom of expression in companies. Where this is not guaranteed, employees effectively become people under surveillance. That would be a violation of democratic principles.” Trade unionist Hahn demands that SAP “provide full transparency to the workforce and co-determination bodies about how long this traceability was already possible and which internal events were affected.” In addition, any data that may still exist would have to be deleted in a verifiable manner and the technical details about how the service works would have to be shared with the worker representatives. SAP says data protection is a top priority SAP acknowledges that there was a privacy issue. “In this case, the alertness of a colleague enabled a theoretically possible circumvention of our security measures to be uncovered and immediately remedied,” the software company said in a statement. “Data protection is a top priority for SAP, and we respect the privacy of every individual.” Internal tools are regularly checked and kept up to date, it said. As part of this, the team members also review the relevant technical security requirements. Translated from an article published by CIO.com’s German sister publication, Computerwoche: “Hat SAP seine Mitarbeiter ausspioniert?“ Related content feature TransUnion transforms its business with IT On the heels of its Neustar acquisition, the consumer credit reporting agency seeks to give customers access to its troves of consumer data to fuel next-generation services through solutions platform OneTru. By Paula Rooney Apr 26, 2024 6 mins Financial Services Industry Digital Transformation Artificial Intelligence feature The 10 highest-paying industries for IT talent The tech industry isn’t the only hot spot for IT jobs, as there’s a growing demand for IT pros across every industry. These 10 verticals pay the most for IT roles, according to data from Dice. By Sarah K. White Apr 26, 2024 7 mins Salaries IT Jobs Careers brandpost Sponsored by Palo Alto Networks M&A action is gaining momentum, are your cloud security leaders prepared? Direct visibility is critical in M&A, and cloud-native application protection platforms (CNAPP) are ideal to provide this capability. By Amol Mathur, SVP & GM of Prisma Cloud, Palo Alto Networks Apr 25, 2024 4 mins Cloud Management news CIOs eager to scale AI despite difficulty demonstrating ROI, survey finds CIOs prioritize integrating AI into their organizations alongside cybersecurity, according to a new survey. By Sandeep Budki Apr 25, 2024 5 mins Artificial Intelligence PODCASTS VIDEOS RESOURCES EVENTS SUBSCRIBE TO OUR NEWSLETTER From our editors straight to your inbox Get started by entering your email address below. Please enter a valid email address Subscribe