Who: AIESEC

# of Accounts Breached: Over 4 million intern applications

What was affected: Applicant’s name, gender, date of birth, and the reasons why the person was applying for the internship. The database also contains the date and time when an application was rejected.

When it happened: Discovered January 2019

How it happened: Bob Diachenko, an independent security researcher, found an unprotected Elasticsearch database containing the applications on January 11, a little under a month after the database was first exposed.

Outcome: The agency informed Dutch data protection authorities of the exposure three days after the exposure.