Ransomware attack on Leaders Staffing impacted close to 52,000 customers

News23 Oct 2024

Leaders Staffing, a staffing company based in Fort Wayne, Indiana, said that the data security incident it suffered earlier this year compromised the sensitive personal information of more than 50,000 individuals.

In a data security incident notice filed with the office of Maine Attorney General, Leaders Staffing said that on January 11, it identified unusual activity in its internal network and immediately launched an investigation, with assistance from external cyber security experts, to determine the nature and scope of the incident.

“After conducting an investigation, we determined that our network was subject to unauthorised access on January 11, 2024, and that certain files were potentially accessed by an unknown actor who accessed the network,” reads the notice.

The staffing company said the compromised data included names, addresses, Social Security numbers, driver’s license numbers, financial account information, and medical information. Its filing with the Maine state regulator also revealed that at least 51,929 individuals were impacted by the incident.

“Upon discovering the unusual activity, we took steps to further increase the security of our network. As part of our ongoing commitment to the privacy of information in our care, we implemented additional technical security measures designed to prevent similar future incidents,” the company added.

Leaders Staffing has advised all affected individuals to regularly monitor their credit reports, account and benefit statements and report any suspicious activity to law enforcement authorities, including the police and state attorney general.

It has also offered one year of complimentary identity protection and credit monitoring services through Cyberscout to all affected individuals.

In February, the Play ransomware group claimed responsibility for the cyber attack on Leaders Staffing and listed it as a victim on its data leak site. The group claimed to be in possession of confidential company data, including client documents, budget, IDs, payroll, taxes, financial data and more.

The group gave the staffing company a deadline of five days to meet its ransom demands, threatening to leak the stolen data if the money wasn’t paid. It is unclear whether the company paid a ransom to regain access to the stolen data.