The database that was not protected by a password turned out to be available to everyone.
Cybersecurity specialist Jeremiah Fowler discovered an unsecured database containing confidential information of about 200 thousand professionals looking for work in the technology sector. The leak is related to Alltech Consulting Services, a company that recruits IT specialists for employers in the United States and Canada.
More than 2.3 million records were publicly accessible. The document folder contained the personal data of approximately 216,000 job seekers, including names, phone numbers, email addresses, the last four digits of Social Security numbers, passport numbers and information about the availability of work visas. In addition, the database included internal notes on candidates' qualifications, work experience, and desired positions.
Alltech Consulting Services, based in New Jersey, partners with more than a thousand companies to recruit IT and engineering professionals. After the company was notified of the breach, public access to the database was closed the next day. However, the company did not respond to the notification. It remains unknown whether the company managed the unencrypted database on its own or through a third-party contractor, and how long the data was publicly available.
The records also contained information about employers, including company names, contact details, as well as information about candidates' salary expectations and readiness to relocate. A significant part of the files contained notes that applicants had an H-1B visa, a non-immigrant visa that allows American companies to hire foreign specialists in technical fields.
According to forecasts, from 2022 to 2032, about 377.5 thousand vacancies will open annually in the computer and IT industry. Professionals in the technology sector earn some of the highest salaries, averaging more than $100k per year, well above the U.S. median salary of $48,060 in 2023.
Highly paid professionals can be an attractive target for cybercriminals. Access to passport numbers and partial Social Security numbers, combined with information about education, work experience, and income level, can be used to create targeted phishing campaigns.
Statistics show an increase in fraud in the field of employment. In the United States, losses from fake job offers from 2019 to 2023 amounted to $737 million. According to the Federal Trade Commission, employment fraud increased by 110% in 2023 compared to 2022, when job seekers lost about $367 million. The average damage is 12 thousand dollars per person.
H-1B visa holders are at particular risk, as foreign professionals need official support from a U.S. employer to work in the United States. Dependence on a sponsoring company can make visa holders more vulnerable to scammers who promise to help them find a job with all the necessary paperwork. Attackers can also use the obtained data to organize fraudulent schemes related to immigration services.