Millions of jobseekers could be at risk after private data leaked online by recruitment firm

News
By
published

Hundreds of thousands of records found in unprotected database

An abstract image of a cloud raining data.
(Image credit: Pixabay)
  • Over 200,000 records of jobseekers were left exposed in a database
  • The records included sensitive PII that could be used in scams and fraud
  • It isn't known how long the database was left exposed, or who accessed it

Over two million records belonging to Alltech Consulting Services have been discovered by cybersecurity researcher Jeremiah Fowler in a non-password protected database.

Included within the exposed data is the personally identifiable information of over 216,000 job seekers, including names, phone numbers, email addresses, the last four digits of their SSN, passport numbers, and work authorization visa status.

Alltech Consulting Services work with over 1,000 organizations to source employees in the IT and engineering industries.

Tons of data exposed

The database has since had public access removed, but employer details were also contained within the database such as names, company names, email addresses, and phone numbers, along with applicant data including salary expectations, employment history, and if they were willing to relocate for the job.

Considering the general salary weighting for senior IT and engineering roles, many of those who have had their data leaked from the database would be prime targets for cybercriminals looking to extort victims in spear phishing campaigns or commit fraud and identity theft using their details.

The details contained within the database could also be used to target individuals with fake job offers, with Fowler pointing out that $737 million was lost to fake job offers between 2019 and 2023, with fake job scams rising by as much as 110% between 2022 and 2023.

“Although the records indicated the files belonged to Alltech, it is not known if they managed the unencrypted database or if it was managed by a third party," Fowler also stated in his writeup.

"It is also unknown how long the records were exposed or if anyone else accessed them, as only an internal forensic audit can identify that information.”

The FBI recently released a warning about a series of job offers that scam victims out of cryptocurrency, and web developers have been targeted with malware hidden in Python packages by North Korean hackers.

You might also like

Benedict Collins
Benedict Collins
Staff Writer (Security)

Benedict has been writing about security issues for over 7 years, first focusing on geopolitics and international relations while at the University of Buckingham. During this time he studied BA Politics with Journalism, for which he received a second-class honours (upper division), then continuing his studies at a postgraduate level, achieving a distinction in MA Security, Intelligence and Diplomacy. Upon joining TechRadar Pro as a Staff Writer, Benedict transitioned his focus towards cybersecurity, exploring state-sponsored threat actors, malware, social engineering, and national security. Benedict is also an expert on B2B security products, including firewalls, antivirus, endpoint security, and password management.

Read more
Security padlock and circuit board to protect data
Foh&Boh data leak leaves millions of CVs exposed - KFS, Taco Bell, Nordstrom applicants at risk
Security padlock and circuit board to protect data
A major US TV broadcaster leaked over a million sensitive files online
healthcare
Over a million clinical records exposed in data breach
Cartoon Phishing
One of the largest data leaks ever sees info on 1.5 billion people leaked online
Data leak
AI development service Builder.ai potentially exposed over 1TB of user data
A graphic showing fleet tracking locations over a city.
Lost & Found tracking site hit by major data breach - over 800,000 could be affected
Latest in Security
An American flag flying outside the US Capitol building against a blue sky
Mass federal layoffs will have “devastating impact on cybersecurity, former NSA cybersecurity director warns
A hand reaching out to touch a futuristic rendering of an AI processor.
Google Cloud unveils new AI Protection security tools, no matter which model you use
A TV remote pointing at YouTube logo
YouTube warns of phishing video using its CEO as bait
China
Microsoft says Chinese Silk Typhoon hackers are targeting cloud and IT apps to steal business data
Insecure network with several red platforms connected through glowing data lines and a black hat hacker symbol
BadBox malware hit after infecting over 500,000 Android devices
Webex by Cisco banner on a Chromebook
Cisco warns some Webex users of worrying security flaw, so patch now
Latest in News
An Nvidia GeForce RTX 5080 resting on an RTX 5090 on a gray crafting mat.
Corsair tells us only one of its prebuilt PCs with an RTX 5000 GPU has suffered from chip-level fault, suggesting it’s as rare as Nvidia claimed
ChatGPT WhatsApp
New survey suggests the vast majority of iPhone and Samsung Galaxy users find AI useless – and to be honest, I’m not surprised
A hunter holds up a Grav Bowfin and smiles
How to catch a Gravid Bowfin in Monster Hunter Wilds
Quordle on a smartphone held in a hand
Quordle hints and answers for Friday, March 7 (game #1138)
NYT Strands homescreen on a mobile phone screen, on a light blue background
NYT Strands hints and answers for Friday, March 7 (game #369)
NYT Connections homescreen on a phone, on a purple background
NYT Connections hints and answers for Friday, March 7 (game #635)
More about security
A hand reaching out to touch a futuristic rendering of an AI processor.

Google Cloud unveils new AI Protection security tools, no matter which model you use
An American flag flying outside the US Capitol building against a blue sky

Mass federal layoffs will have “devastating impact on cybersecurity, former NSA cybersecurity director warns
The MacBook Air M2 on a blue background with text saying Price Cut.

The best MacBook Air (M4) preorder deal is at Best Buy – how to score the new Apple laptop for as little as $449
See more latest
Most Popular
A hand reaching out to touch a futuristic rendering of an AI processor.
Google Cloud unveils new AI Protection security tools, no matter which model you use
An American flag flying outside the US Capitol building against a blue sky
Mass federal layoffs will have “devastating impact on cybersecurity, former NSA cybersecurity director warns
NYT Strands homescreen on a mobile phone screen, on a light blue background
NYT Strands hints and answers for Friday, March 7 (game #369)
Quordle on a smartphone held in a hand
Quordle hints and answers for Friday, March 7 (game #1138)
NYT Connections homescreen on a phone, on a purple background
NYT Connections hints and answers for Friday, March 7 (game #635)
Home internet connection. A wlan router on desk with notebook in background.
Cloudflare admits security tool is blocking some challenger browsers
ChatGPT WhatsApp
New survey suggests the vast majority of iPhone and Samsung Galaxy users find AI useless – and to be honest, I’m not surprised
The DJI Mavic 3 Pro in flight over some mountains
Upcoming DJI Mavic 4 Pro premium drone could deliver new camera skills and LiDAR – here’s what the latest leaks tell us
A hunter holds up a Grav Bowfin and smiles
How to catch a Gravid Bowfin in Monster Hunter Wilds
An Nvidia GeForce RTX 5080 resting on an RTX 5090 on a gray crafting mat.
Corsair tells us only one of its prebuilt PCs with an RTX 5000 GPU has suffered from chip-level fault, suggesting it’s as rare as Nvidia claimed