Robert Half, an HR consultancy business, has begun telling clients that their personal and financial information may have been exposed after hackers attacked their RobertHalf.com accounts. This company is trying best to do data disaster recovery.
Threat actors attacked Robert Half between April 26 and May 16, according to information submitted by the firm to the Maine Attorney General. The event, which occurred on May 31, affects 1,058 people.
“In late April/early May 2022, we discovered unusual login activity on your RobertHalf.com account.” “Upon identification, we prompted you to reset your account password, and we took actions to improve authentication procedures for the website,” the corporation stated in a cybersecurity incident alert given to those affected.
Name, address, and social security number, as well as pay and tax information, are stored in the targeted accounts. The corporation stated that direct deposit bank account numbers are saved in these accounts, but only the last four digits are displayed.
“While we do not have evidence that this material was actually viewed or downloaded, we wanted to alert you about this occurrence and present you with the information in this letter in the spirit of openness,” Robert Half stated.
The company has not provided any additional information, but based on its brief description, the incident appears to involve credential stuffing, in which attackers use stolen usernames and passwords to access accounts on other online services where the victim may have used the same username and password combination.
The customer warning from Robert Half also recommends consumers to change their passwords on any other accounts where the same credentials have been used. It also provides additional password management tips, indicating that this was a credential stuffing assault.
We contacted Robert Half for clarification, but the business has yet to answer, leaving it unclear whether the event also entailed an actual breach of its systems.
Through Experian, the employment agency is providing affected clients with two years of free identity monitoring services.
Credential stuffing assaults against significant corporations are not commonplace. GM was a recent victim, informing consumers in May that fraudsters had attempted to enter their accounts in order to redeem reward points for gift cards.
As a result, small businesses and organizations must take preventative measures to protect data. Data can be backed up for disaster recovery to prevent all threats. Data protection software is now widely available and simple to use. Consider the popular virtual machine backup method. Virtual machines may run many operating systems at the same time, conserving both real and virtual resources. Virtual machine backup systems such as VMware Backup, Xenserver Backup, Hyper-V Backup, and others are now commonly used.