Morgan Hunt, a recruitment agency in the UK, confirms suffering from a cyberattack that compromised their databases that contains clients’ personal information. In a statement, the agency said that an unauthorised entity had accessed one of its databases that could have copied them, which poses risks to the affected individuals.
The UK-based recruitment agency provides personnel services to clients from several sectors, including finance, government, education, technology, and housing.
According to the report, a third-party developer has improperly stored their clients’ credentials in their database, which was then accessed by the unauthorised entity. After learning about the incident, Morgan Hunt immediately took proper measures and teamed up with cybersecurity groups to help them investigate and resolve the incident.
Based on the investigation, the hackers have managed to access Morgan Hunt’s database, which includes contractor names, contact details, classified identification files, insurance numbers, and birthdates. Among many clients, some affected firms include YMCA, United Colleges Group, Tower Hamlet Homes, Dorset Council, and Buckinghamshire Council.
The recruitment agency highlighted that despite having no proof of compromise, their contractors are still advised to be cautious.
The investigation of the incident showed no clue about using the clients’ database for criminal intentions. Still, the recruitment agency had to inform their clients to be vigilant since threat actors are known to exploit stolen databases for cybercrime, including fraud, identity theft, and phishing.
The affected clients of Morgan Hunt must actively monitor their online situation and be on the lookout for suspicious behaviours from unknown entities that attempt to use their information for cybercrime.
Recruitment agencies, like Morgan Hunt, are amongst the many sectors victimised by threat actors for cyberattacks, such as hacking into their servers to steal sensitive information to be used for further malicious activities.
Previously, two other recruitment firms were also targeted by threat actors: Optionis and Giant Pay. Both of these organisations had suffered from a data breach incident that compromised their databases at the hands of the hackers.
