Millions of jobseekers could be at risk after private data leaked online by recruitment firm

News
By published

Hundreds of thousands of records found in unprotected database

An abstract image of a cloud raining data.
(Image credit: Pixabay)
  • Over 200,000 records of jobseekers were left exposed in a database
  • The records included sensitive PII that could be used in scams and fraud
  • It isn't known how long the database was left exposed, or who accessed it

Over two million records belonging to Alltech Consulting Services have been discovered by cybersecurity researcher Jeremiah Fowler in a non-password protected database.

Included within the exposed data is the personally identifiable information of over 216,000 job seekers, including names, phone numbers, email addresses, the last four digits of their SSN, passport numbers, and work authorization visa status.

Alltech Consulting Services work with over 1,000 organizations to source employees in the IT and engineering industries.

Latest Videos From

Tons of data exposed

The database has since had public access removed, but employer details were also contained within the database such as names, company names, email addresses, and phone numbers, along with applicant data including salary expectations, employment history, and if they were willing to relocate for the job.

Considering the general salary weighting for senior IT and engineering roles, many of those who have had their data leaked from the database would be prime targets for cybercriminals looking to extort victims in spear phishing campaigns or commit fraud and identity theft using their details.

The details contained within the database could also be used to target individuals with fake job offers, with Fowler pointing out that $737 million was lost to fake job offers between 2019 and 2023, with fake job scams rising by as much as 110% between 2022 and 2023.

“Although the records indicated the files belonged to Alltech, it is not known if they managed the unencrypted database or if it was managed by a third party," Fowler also stated in his writeup.

"It is also unknown how long the records were exposed or if anyone else accessed them, as only an internal forensic audit can identify that information.”

The FBI recently released a warning about a series of job offers that scam victims out of cryptocurrency, and web developers have been targeted with malware hidden in Python packages by North Korean hackers.

You might also like

Benedict Collins
Benedict Collins
Senior Writer, Security

Benedict is a Senior Security Writer at TechRadar Pro, where he has specialized in covering the intersection of geopolitics, cyber-warfare, and business security.

Benedict provides detailed analysis on state-sponsored threat actors, APT groups, and the protection of critical national infrastructure, with his reporting bridging the gap between technical threat intelligence and B2B security strategy.

Benedict holds an MA (Distinction) in Security, Intelligence, and Diplomacy from the University of Buckingham Centre for Security and Intelligence Studies (BUCSIS), with his specialization providing him with a robust academic framework for deconstructing complex international conflicts and intelligence operations, and the ability to translate intricate security data into actionable insights.