Immediately upgrade your IceHrm installation to v30.0.0. This version is fixing a critical security issue related to file storage.
Visit IceConnect module, under System => Ice Connect and make sure no errors are displayed. If your icehrm is not secure it should display some errors such as this one:
This means your uploaded documents are not secure. For uploaded documents icehrm generates random names, but if the file name is known it can be retrived by anyone.
How to fix this:
For Apache: In the latest release we have added .htaccess file to data directory to prevent access. But if this error is still shown please consult your server admin to review the .htaccess file and make changes accordingly.
For Nginx: add the following location block in nginx virtual host file to prevent access to icehrm/app/data directory.