Collabera hacked: IT staffing'n'services giant hit by ransomware, employee personal data stolen

Crooks made off with everything needed for ID theft

Exclusive: Hackers infiltrated Collabera, siphoned off at least some employees' personal information, and infected the US-based IT consultancy giant's systems with ransomware.

We understand this swiped data included workers' names, addresses, contact and social security numbers, dates of birth, employment benefits, and passport and immigration visa details. Basically, everything needed for identity theft. The recruitment'n'staffing biz, which employs more than 16,000 people globally and banks hundreds of millions of dollars a year in sales, does not believe the lifted records have been used for fraud.

Collabera could not be reached for comment, though El Reg has seen a copy of the internal memo sent to staff disclosing the details of the leak. File-scrambling malware was detected on the IT consultants' network on June 8, and within a couple of days, it emerged at least some data had been stolen, according to the business.

"On June 8, 2020, Collabera identified malware in its network system consistent with a ransomware attack," Collabera wrote in the letter, dated mid-July and signed by HR senior director Mike Chirico.

"We promptly restored access to our backup files and immediately launched an investigation to determine the nature and scope of the event. On June 10, we became aware that the unauthorized party obtained some data from our system. We are working with outside experts and law enforcement to conduct a more detailed review of the incident."

Based out of New Jersey, Collabera offers companies IT services and staffing. That includes hiring out tech workers, hence the cache of personal data that was accessed by the miscreants.

"At Collabera, we reach out a hand to turn the search into a companionable, supportive journey," the company said on its website.

"A journey that certainly doesn’t inspire groaning, and one that no one ever takes alone."

So was this ransomware, or a data leak?

In this case, it appears the miscreants both tried to encrypt data and stole it. This has become the norm among ransomware gangs; crooks have taken to exfiltrating data as well as encrypting it. These days, victims aren't just paying the ransom to potentially restore their information, they're also paying to prevent the stolen data from being leaked or sold on by the extortionists.

In June, the Maze ransomware group – known for stealing and leaking corporate confidential data – claimed to have hacked Collabera.

Now Collabera is offering its staff two years of credit and identity monitoring services through Experian. (Yes, the same Experian that was once relieved of records on 15 million folks in the US.)

Workers who receive the letter are said to have until October 31 to register themselves for the monitoring service: "We strongly encourage you to review your bank, credit card, and other financial statements regularly. If you see any transactions you don't recognize or which appear suspicious, notify your financial institution immediately, as well as Experian." ®
