• About Us
  • Contact
  • Careers
  • Send Us a Tip
Menu
  • About Us
  • Contact
  • Careers
  • Send Us a Tip
CyberNews logo
Newsletter
  • Home
  • News
  • Editorial
  • Security
  • Privacy
  • Resources
Menu
  • Home
  • News
  • Editorial
  • Security
  • Privacy
  • Resources
CyberNews logo

Home » Security » 440GB of data from US-based temporary staffing agency leaked on hacker forum

440GB of data from US-based temporary staffing agency leaked on hacker forum

by Edvardas Mikalauskas
14 December 2020
in Security
0
Automated Personnel Services data leaked on hacker forum
88
SHARES

A 440GB archive that purportedly belongs to Automation Personnel Services, a US-based temporary employment agency, has been leaked on a popular hacker forum. Automation Personnel Services says the post-breach investigation “is currently ongoing and the scope and nature of the data impacted is not yet confirmed.”

According to the forum post, the archive includes confidential company data and sensitive documents related to Automation Personnel Services users, partners, and employees, such as accounting and payroll data, as well as various legal documents.

The archive was leaked on November 24. It appears to have been made public as a consequence of a failed negotiation with cybercriminals, after Automation Personnel Services apparently refused to pay the ransom.

A picture containing text, screenshot, monitor, screen  Description automatically generated

“The data is preloaded and will be automatically published if you do not pay.”

Ransomware message seen in the forum post

We asked Automation Personnel Services if they could confirm that the leak was genuine, and whether they have alerted their partners and customers. According to Randy Watts, executive vice president at Automation Personnel Services, the company is “working with a third-party forensic investigation firm to determine the nature and scope of this event.”

“Protecting the information in our possession and the security of our systems is a top priority. We have and will continue to implement further enhancements in our security and response measures, including the notification to any impacted parties as necessary.”

Randy Watts, EVP at Automation Personnel Services

What data has been leaked?

The leaked data appears to come from Automation Personnel Services, which lists itself as “one of the leading temporary staffing agencies” in America, with more than 30 locations across the US. Established in 1990, the company offers its services to employers and job seekers from the manufacturing, technical, automotive, and other industries. 

Based on the samples we saw from the leaked archive, it appears to contain confidential company data from the past four years (2017-2020) and includes:

  • Corporate accounting and payroll data
  • Legal documents, including bank audit data and financial agreements
  • HR information about Automation Personnel Services employees
  • Customer and partner records, including names, addresses, and phone numbers

Example of leaked accounting data:

A picture containing graphical user interface  Description automatically generated

Example of leaked APS employee data:

Graphical user interface  Description automatically generated

Who had access to the data?

Since the data was made freely available in the final week of November, it’s safe to assume that multiple users of the hacker forum where it was posted had access to the data.

On the other hand, it’s unclear how many users actually downloaded the entire 440GB archive, and of that, how many are using that data for illicit purposes.

What’s the impact of the leak?

Most of the data in the archive seems to be corporate rather than personal in nature. From what samples of the leaked archive we were able to access, however, it appears that at least 30 files in the archive contain personal information of Automation Personnel Services employees, including the last 4 digits of their social security numbers.

With personal employee data and company audit information in hand, cybercriminals could:

  • Impersonate employees to gain unauthorized access to the company’s resources and confidential information
  • Carry out spear-phishing attacks against employees and their family members
  • Steal the exposed employees’ identities and take out loans, apply for credit cards, or even collect tax refunds in their name

Furthermore, attackers could sell confidential company data to competitors for business intelligence and corporate espionage purposes. For example, one of the files in the archive listed Automation Personnel Services partners, and that information might be used by the competition to lure the clients away from the hacked company.

Next steps

If you work at Automation Personnel services or have an account on apstemps.com, there’s a good chance your data has been leaked. For that reason, we recommend you:

  • Set up identity theft monitoring via your financial institution of choice
  • Review recent activities on your online accounts and watch out for suspicious emails, messages, and requests

For companies that wish to avoid becoming victims of a ransomware attack, here are a few basic precautions that your organization should have in mind:

  • Encrypt your confidential data with a salted secure encryption algorithm. That way, even if an attacker would manage to steal your data, they’d have no use for it because it would be inaccessible without an encryption key
  • Use an intelligent threat detection system or a security incident event management system, which can inform you of a data breach before the data is downloaded by the attackers
Share88TweetShareShare

Related Posts

Teespring data leaked on hacker forum

8+ million Teespring user records leaked on hacker forum

25 January 2021
Covid-19 vaccine

Covid vaccines are now an excuse to launch phishing attacks

22 January 2021
MyFreeCams data leaked on hacker forum

MyFreeCams hack: 2 million user records stolen from top adult streaming site and sold on hacker forum

21 January 2021
Nohow International leaks sensitive worker data

12,000+ workers’ IDs, banking details, and other personal data leaked by UK staffing agency

19 January 2021
Next Post
Social media networks

Tech giants face fine of up to 10% of turnover for EU rule breaches

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

I agree to the Terms & Conditions and Privacy Policy.

Popular News

  • 70TB of Parler users’ messages, videos, and posts leaked by security researchers

    70TB of Parler users’ messages, videos, and posts leaked by security researchers

    83034 shares
    Share 83024 Tweet 0
  • The ultimate guide to safe and anonymous online payment methods in 2021

    13 shares
    Share 13 Tweet 0
  • Facebook is tracking you: learn how to delete all Facebook data

    57 shares
    Share 57 Tweet 0
  • ProtonMail review: have we found the most secure email provider in 2021?

    69 shares
    Share 69 Tweet 0
  • Custom mechanical keyboards – 17 coolest ones we’ve ever seen

    442 shares
    Share 441 Tweet 0
Teespring data leaked on hacker forum

8+ million Teespring user records leaked on hacker forum

25 January 2021
Italy consumer association sues Apple for planned iPhone obsolescence

Italy consumer association sues Apple for planned iPhone obsolescence

25 January 2021
Google on laptop and mobile

Google vs Australia: The Battle of the Precedents

25 January 2021
Makers of Sophia the robot plan mass rollout amid pandemic

Makers of Sophia the robot plan mass rollout amid pandemic

25 January 2021
Elon Musk

Elon Musk to offer $100 million prize for ‘best’ carbon capture tech

22 January 2021
Is there life on Mars?

Is there life on Mars?

22 January 2021
Newsletter

Subscribe for security tips and CyberNews updates.

Email address is required. Provided email address is not valid. You have been successfully subscribed to our newsletter!
Categories
  • News
  • Editorial
  • Security
  • Privacy
  • Resources
  • VPNs
  • Password Managers
  • Secure Email Providers
  • Antivirus Software Reviews
Tools
  • Personal data leak checker
  • Strong password generator
About Us

We aim to provide you with the latest tech news, product reviews, and analysis that should guide you through the ever-expanding land of technology.

Careers

We are hiring.

  • About Us
  • Contact
  • Send Us a Tip
  • Privacy Policy
  • Terms & Conditions
  • Vulnerability Disclosure

© 2021 CyberNews

This website uses cookies. By continuing to use this website you are giving consent to cookies being used. Visit our Privacy Policy.

Home

News

Editorial

Security

Privacy

Resources

  • In the News
  • Contact
  • Careers
  • Send Us a Tip

© 2020 CyberNews – Latest tech news, product reviews, and analyses.

Subscribe for Security Tips and CyberNews Updates
Email address is required. Provided email address is not valid. You have been successfully subscribed to our newsletter!