Veteran IT staffing firm breach exposes tens of thousands


The Computer Merchant (TCM), a US IT-focused staffing firm, suffered a breach last year. However, it was not known that personal information was exposed until nearly six months later.

TCM has recently started contacting tens of thousands of individuals whose personal information was exposed in the 2024 data breach. According to the company, it suffered a data breach in July last year and responded by wiping and restoring the firm’s computer assets.

“At the time, our investigation did not uncover that personal information had been acquired by an unauthorized third party,” reads TCM’s data breach notice.

However, in January 2025, an IT staffer learned of claims that the data from the 2024 incident was made public online. A subsequent investigation revealed that numerous individuals had their details exposed.

Information that TCM submitted to the Maine Attorney General’s Office revealed that over 34,000 people had their personal details exposed. The data breach notice indicates that the attackers may have accessed names and Social Security numbers (SSNs).

While not extensive, the data breach does enable cybercriminals to attempt identity theft or target users with phishing scams. For one, potential attackers are aware that TCM focuses on IT-related staff. Armed with this info, they could try to craft convincing phishing emails, impersonating staffers or job-search-related requests.

North Korean hackers are known to deploy similar tactics against job seekers. They pretend to be recruiters and target freelance developers, trying to coax them into downloading infostealers. Information on IT staff looking for jobs could be a gold mine for this type of attacker group.

Staffers and recruiters are always on cybercriminals’ radar as they often store large swaths of personal information. Last year, attackers targeted the French governmental employment agency, France Travail, exposing personal details of 43 million people.

To help potentially impacted individuals combat cybersecurity risks, TCM said it will offer complimentary identity theft-protection services from a third party. People who may have been impacted by the cyberattack are also advised to “remain vigilant for any signs of unauthorized financial activity.”
