Digital burglary at recruitment agency Morgan Hunt confirmed
Third-party software developer blamed for 'improperly storing credentials to our database'
The bad news keeps on rolling for British recruitment agency Morgan Hunt amid confirmation it suffered a digital burglary, with intruders making off with the personal data for some of the freelancers on its books.
In a letter to contractors, Morgan Hunt – which provides personnel services to clients in the charity education, finance, government, housing and technology sectors – confirmed the break-in:
Morgan Hunt recently experienced a cyber security incident, in which one of our databases was impacted and an unauthorized third party gained access to our systems. Unfortunately, our investigations have shown that some of your personal data was contained on the accessed database and may have been copied.
The agency, which hires out interim, contract and temporary staff, wrote the letter the end of last month, according to one source. We have asked the company specifically when the leak happened.
In the message to contractors, it confirmed a third-party software developer was "improperly storing credentials to our database.
“We discovered that we were compromised by an unauthorized third party as a result of this, leading to some candidate data being accessed. We immediately took steps to address the issue, including working with external IT cyber-security experts to help investigate, manage and resolve the incident."
The info accessed on the database included contractors' names, contact details, identity documents, proof of address documents (including any bank or building society statement provided), National Insurance number, and date of birth.
- Funky Pigeon pauses all orders after 'security incident'
- Emma Sleep Company admits checkout cyber attack
- UK Ministry of Defence takes recruitment system offline, confirms data leak
- UK criminal defense lawyer hadn't patched when ransomware hit
Clients of Morgan Hunt's recruitment services include United Colleges Group, YMCA, Dorset Council, Buckinghamshire Council and Tower Hamlet Homes.
As is typical in these types of circumstances, Morgan Hunt said that while there is "no evidence" to indicate its contractors will be impacted by the attack, caution is advised.
There is, it admitted, "a theoretical risk that in the wrong hands, some of the information could potentially be used to attempt to commit identity theft or fraud. While we believe this risk is low we recommend that you exercise increased vigilance in all matters relating to your personal details."
Morgan Hunt's last reported financial year, ended March 31, 2021, was a tough one commercially – as it was for many similar businesses during the pandemic. The company reported a 20.6 percent fall in turnover to £48.24 million ($57.1 million) but made an operating profit of £340,000 ($402,000) compared to an operating loss of £507,000 ($600,170) in the previous fiscal year. Reducing costs by laying off staff and office downsizing returned the profit-and-loss accounts to black ink.
Bad actors have used their nefarious skills in the recruitment sector on numerous occasions in the past year, including a digital break-in at Optionis and Giant Pay.
We have asked Morgan Hunt for additional comment. ®