Critical Security Flaw Found in HR Systems Affecting Millions of Ukrainians
Data Security in HRM: Why Architecture Matters
According to Hurma Blog — HR: In today's human resource management landscape, data security has become a pressing concern-especially when handling sensitive employee and client information. A recent analysis by HURMA compared Multi-tenant and Single Tenant architectures, concluding that Single Tenant offers superior protection for confidential HR data. Unlike Multi-tenant systems, which share infrastructure across clients, Single Tenant creates a separate, isolated data environment for each customer.
Major data breaches at Allianz Life and Capita highlight the dangers of shared infrastructure. In 2025, Allianz Life confirmed a breach affecting most of its 1.4 million U.S. clients. That same year, a British regulator fined Capita £14 million after a 2023 cyberattack compromised the personal data of 6.6 million individuals. These incidents underscore the risks tied to storing data on shared platforms.
Legal Framework and HURMA's Position
Ukraine enforces the Law on Personal Data Protection, while GDPR serves as an additional benchmark for Ukrainian companies handling EU client data. Within this context, HURMA positions itself as the only system in Ukraine built on a Single Tenant architecture.
“Companies handling sensitive information often come to us because we use Single-Tenant architecture. Each company’s data is isolated, whereas in other products, data from multiple companies-sometimes competitors-is stored together. This is the best model, and it’s the only one on the market.” - Volodymyr Fedak, CEO of HURMA
Discussing data security, HURMA also notes that up to 43% of HR team time can be spent on operational tasks, highlighting the need for efficient data management. For fast-growing firms, as well as those in mil-tech, fintech, healthcare, and healthtech, Single Tenant is especially critical. Natalia Vysotska, Head of HR at codeIMPL, shared her experience:
“We previously tried one of the popular Ukrainian systems and were very dissatisfied. One time, their privacy settings completely broke. Luckily, I checked in on a Friday evening, saw the issue, and fixed the access in time. After that, we switched to HURMA.”
Choosing the right HRM system architecture is a critical decision. Technical teams evaluating systems should consider the following:
- where data is stored,
- how it is isolated,
- who has access,
- how integrations work,
- what happens during an incident,
- how the system supports auditing, and whether the architecture aligns with internal security policies.
In this context, three main pillars of security emerge: the number and scale of incidents, personal data processing requirements, and the maturity of the SMB segment.
As data security in HRM systems grows increasingly urgent, selecting an architecture that ensures proper protection is a top priority for many organizations.
This report underscores the importance of safeguarding personal data in human resource management, especially amid rising cybersecurity threats. Given recent high-profile data leaks, Single Tenant architecture may become a decisive factor for enterprises aiming to ensure data confidentiality and regulatory compliance. In light of new market challenges, companies must carefully choose solutions that meet their information security needs and legal obligations.
As companies increasingly prioritize data security, understanding the implications of architecture choice is crucial. With only a small fraction of businesses achieving AI maturity, the need for robust systems like HURMA's Single Tenant architecture becomes even more evident. This model not only protects sensitive information but also enhances operational efficiency. For a deeper dive into the current state of AI integration in businesses, read more about companies' progress towards AI maturity.
Read also
