TalentLaunch says 2023 data breach affected close to 120,000 individuals

Ohio-based recruitment firm TalentLaunch said that the data security incident it suffered last year compromised the sensitive personal information of close to 120,000 individuals.

 

Founded in 2016, Alliance Solutions Group, doing business as TalentLaunch, offers business solutions to small-to-midsize staffing and recruitment firms. Its offerings include creative marketing and accounting and payroll services as well as strategy support.

 

In a recent data breach notice filed with the Office of the Maine Attorney General, TalentLaunch said that on May 31, it identified suspicious activities in its internal network. The company immediately launched an internal investigation, with assistance from third party cyber security experts, to understand the nature and scope of the incident.

 

The investigation revealed that a threat actor accessed and stole certain data from the company’s internal network. The compromised data included names and other personal identifiers and financial account numbers, credit and debit card numbers along with their security codes, access codes, passwords and PINs for the accounts and protected health information.

 

TalentLaunch said in its filing with the state regulator that at least 119,261 individuals were impacted by the data breach.

 

“Upon learning of the incident, we immediately took steps to secure our network and mitigate against any additional harm. While cyber security threats continue to impact all of us, we are taking ever-increasing measures to protect the information entrusted to us,” it said in a letter to affected customers.

 

“We continually evaluate and modify our practices and internal controls to enhance the security and privacy of your personal information. In response to this incident and through our continuing comprehensive review, we have strengthened our network and implemented additional security improvements recommended by third-party cyber security experts,” it added.

 

While TalentLaunch did not find any evidence of the compromised data being misused, the possibility for the same cannot be ruled out. The company has urged all affected individuals to remain vigilant, review their credit reports and financial statements on a regular basis, and report suspicious transactions to relevant law enforcement authorities. 

 

It is also offering one year of complimentary credit monitoring and identity theft protection services through TransUnion to all the individuals affected by the data breach.

 

Last year, Weymouth, Massachusetts-based BHI Energy, that provides staffing solutions and other services to companies in the oil & gas, power generation, and transmission & distribution industries, also suffered unauthorised access to certain systems hosted in its internal network.

 

“After a thorough investigation, on September 1, 2023, BHI learned that certain BHI business records stored in BHI’s network, including some records that contained personally identifiable information (“PII”), were subject to unauthorised access,” the company said in its data breach notice.

 

The company later confirmed that the infamous Akira ransomware gang infiltrated its internal network and stole 690GB of uncompressed data, including a copy of its Active Directory database.