Job performance details about more than 900 employees of a major office-space provider have been published online by accident after a staff review.
Sales staff at Regus had been recorded showing researchers posing as clients around office space available to rent.
Information about the employees was later published on Trello, a task-management website.
And a spreadsheet with names, address and job performance data was found via Google by the Telegraph newspaper.
The names and addresses of hundreds of the researchers, contracted from a company called Applause by Regus parent company IWG, were also included.
“Team members are aware they are recorded for training purposes and each recording is shared with the individual team member and their coach to help them become even more successful in their roles,” IWG said.
“We are extremely concerned to learn that an external third-party provider, who implemented the exercise, inadvertently published online the outcomes of an internal training and development exercise.
“As our primary concern we took immediate action and the external provider has now removed the content.”
The data breach has not been reported to the UK’s Information Commissioner’s Office.
BBC News has asked the Luxembourg data commissioner if the breach has been reported there instead and contacted Applause for comment.
An Applause spokesman said: “Since being made aware of this issue, we have reiterated our [information security] policies with our worldwide employees and have run an internal audit to confirm that there are no other unapproved third-party software tools being used in any client engagements.”