Robert Half’s systems accessed due to weak passwords

https://www.securityweek.com/staffing-firm-robert-half-says-hackers-targeted-over-1000-customer-accounts

Exploit: Credential Stuffing
Robert Half: Staffing Company

Risk to Business: 2.601 = Moderate

Robert Half has determined that more than 1000 job seekers and employees placed by the firm had their accounts accessed by an unauthorized source between April 26 and May 16, 2022, exposing potentially sensitive information that may have been stolen. The company says that there is no evidence that the information was actually accessed or downloaded, and current users are required to update their passwords.

Individual Risk: 2.612 = Moderate

The release disclosed that the targeted accounts stored information such as name, address, and social security number, as well as wage and tax information. The company noted that bank account numbers for direct deposits are stored in these accounts, but only the last four digits are visible.

How It Could Affect Your Customers’ Business: Security awareness training that teaches employees to create strong passwords and handle them safely prevents problems like this.

Risk Levels:
1 - 1.5 = Extreme Risk
1.51 - 2.49 = Severe Risk
2.5 - 3 = Moderate Risk

*The risk score is calculated using a formula that considers a wide range of factors related to the assessed breach.