Spotted by our eagle-eyed Webmaster: The only way a pilot can apply for a
job at Ryanair is via the internet. The recruitment data contains credit card
information because Ryanair refuses to consider applications unless a £50
fee is paid.

Sensitive personal information, such as credit card details, health records
and career history, is collected by the unsecured site and sent in unencrypted
email to the company's back office.

Ryanair admits that its online recruitment website has a serious security
flaw which exposes job seekers' details to the eyes of crackers and
unencrypted emails could breach Data Protection Act.

Phil Robinson, managing consultant at Information Risk Management, pointed
out that the inclusion of credit card details made the vulnerability “very
serious”. Unlike personal data, credit card details can easily be turned
into money.

Embarrassingly for the airline, this vulnerability is easy and cheap to
avoid. Secure socket layer (SSL) security, the encryption feature in the
software, should be switched on and the company then has only to spend a few
hundred pounds on a digital certificate to ensure that data is sent to the
correct party instead of to a rogue server.

Ryanair's recruitment site states explicitly that applicants'
information will remain confidential. “That is clearly incorrect,”
said Robinson. “The way the data is submitted is totally
unconfidential.”
Source: By Liesbeth Evers, Network News [31-10-2001]