Recently, staffing firm ExecuSearch Holdings, LLC issued a press release stating that the company had suffered a cybersecurity event. Obviously, on February 12, 2021, ExecuSearch noticed that some of the company’s systems had suddenly become inaccessible. During subsequent investigation, ExecuSearch learned that an unauthorized party had encrypted some of the company’s systems and deleted some data. As a result, the names and social security numbers of more than 42,000 people have been compromised.
A data breach occurs when a hacker or other criminal actor gains access to sensitive consumer information that is in the possession of a business or organization. Often, hackers target companies that they know have weak or outdated data security technology. Once a hacker obtains consumers’ personal or financial information, they can use that information to commit identity theft. However, it is also common for a hacker to sell the data to the highest bidder on the black market. Regardless of who ends up with the data, victims of a breach are much more likely to be victims of identity theft. Given the risks, it is imperative that anyone who has received a data breach letter from ExecuSearch takes precautionary measures to protect themselves from various data breach risks such as this.
Anyone affected by the ExecuSearch data breach has reason to be concerned. In recent years, identity theft crimes have become much more common. In many cases, the perpetrators of these crimes obtained consumer data through a data breach.
Companies like ExecuSearch have a duty to protect consumer data. So, if it becomes apparent that ExecuSearch mishandled your sensitive information leading to the data breach, you may be eligible for financial compensation through a data breach class action lawsuit.
Are consumers affected by the ExecuSearch data breach entitled to financial compensation?
When you registered with ExecuSearch in hopes of getting a job, you provided the company with your personal information. You have voluntarily given the company information that you normally keep confidential. By doing so, you trusted that the company would take your privacy seriously. Surely you assumed that they would take the necessary precautions to prevent your sensitive financial and personal information from ending up in the possession of a potential criminal. However, news of this recent data breach raises serious questions about the data security measures the company had in place at the time of the breach and, potentially, its commitment to consumer privacy.
All companies that hold consumer information have an ethical and legal obligation to keep that data secure. Admittedly, creating and implementing a data security system is a burden; however, it is a necessary cost of doing business in an environment where hacking and cyberattacks are common. If a company doesn’t take its consumer privacy obligations seriously, it can be held liable through a data breach class action lawsuit. Of course, US data breach laws are complex and news of this data breach is very recent. There is still no evidence that ExecuSearch was negligent in the way it handled consumer data. However, our data breach attorneys are investigating the breach to determine what legal remedies affected consumers may have against ExecuSearch.
If you have any questions about your ability to bring a class action lawsuit against ExecuSearch, it is essential that you contact a data breach attorney as soon as possible.
What to do if you received a data breach notification from ExecuSearch
If you received a data breach letter from ExecuSearch, it means you were among those whose personal data was compromised in the recent data breach. It also means that a complete stranger may have accessed, viewed and stored your sensitive personal information. While it’s impossible to tell why a hacker wants your information or what they intend to do with it, it’s essential that you remain vigilant to protect yourself by taking the following steps:
- Carefully read the data breach letter sent by ExecuSearch to determine what information about you was accessible;
- Make a copy of the letter for your records;
- Sign up for the free credit monitoring service provided by ExecuSearch;
- Change all your passwords and security questions for all online accounts;
- Enable two-factor or multi-factor authentication, where available;
- Regularly review your credit card and bank account statements for any signs of suspicious activity;
- Monitor your credit report for any unexpected changes that could be a sign of identity theft;
- Contact one of the major credit bureaus to ask them to add a fraud alert to your profile; and
- Notify your banks and credit card companies of the data breach.
ExecuSearch (“Execu Search”, “Execu|Search” or “Execu-Search”) is a direct recruitment and contract recruitment company that connects employers with qualified candidates for open positions. The company also helps corporate clients identify and implement workforce solutions, including securing high-level temporary employees. ExecuSearch has over 200 employees across the United States and has offices in New York, New York; Melville, New York; Parsippany, New Jersey; Upper Saddle River, New Jersey; Boca Raton, Florida; and Schaumburg, Illinois. As one of the largest recruitment companies in the United States, ExecuSearch generates over $100 million in annual revenue.
The Details of the ExecuSearch Consumer Data Breach
According to the latest data breach letter published by ExecuSearch, on February 12, 2021, ExecuSearch realized that some of the company’s systems were suddenly no longer accessible. Further investigation revealed that an unauthorized party had essentially locked ExecuSearch out of its own system by encrypting some files. The unauthorized party also deleted some files from the company network.
Once ExecuSearch learned of the data breach, it underwent a thorough review of all compromised files to identify all affected parties. On January 4, 2022, ExecuSearch completed its investigation, determining that the compromised files contained the names and social security numbers of 42,467 people.
On January 20, 2022, ExecuSearch sent data breach notification letters to all affected parties, informing them of the breach and what they can do to protect themselves. In its communication to affected consumers, ExecuSearch notes that there is no indication that the unauthorized party has used or intends to use any of the data obtained.
Below is a copy of the initial data breach letter issued by ExecuSearch (the actual notice sent to consumers can be found here):
ExecuSearch Holdings, LLC (“ExecuSearch”) is writing to inform you of an incident affecting the security of certain of your personal information. Although we are not aware of any identity theft or fraud resulting from this incident, this letter provides information about the incident, our response, and the resources available to you to help protect your information. against potential misuse, if you deem it necessary to do so.
What happened? On February 12, 2021, ExecuSearch became aware of unusual activity impacting the operability of a number of its systems. We immediately opened an investigation to assess the nature and extent of the activity. The investigation determined that an unknown actor encrypted certain systems and took certain data on or around February 12, 2021.
Upon discovery, we notified those known to be affected at the time and also began a thorough review of all data at risk as a result of this incident to determine the entire population of potentially affected information. affected and to whom the information related. This extensive review required the manual review of several thousand documents for sensitive information. In addition, ExecuSearch has diligently researched the address information of those affected. The first results of the review were completed on December 10, 2021. ExecuSearch continued to analyze these results, using the services of a third-party vendor to identify additional address information for those affected. This additional review and identification was completed on January 4, 2022.
What information was involved? Based on our review, relevant information includes: and your first and last name.
What we do. We take the security of personal information entrusted to us seriously. After learning of this incident, we acted quickly to notify law enforcement, assess the security of our systems, reset passwords, and notify those potentially affected. As part of our ongoing commitment to information security, we have enhanced existing policies and procedures, including adding additional data security software and more widely implementing multi-factor authentication in our network environment. We are also reporting this incident to state regulators, if necessary. Additionally, while we are not aware of any actual or attempted misuse of your information as a result of this incident, we are offering you access to months of free credit monitoring and credit restoration services. identity through IDX.
What can you do. You can learn more about how to protect yourself against potential identity theft and fraud in the attached steps you can take to help protect your information. We encourage you to remain vigilant for identity incidents
theft and fraud, to review your account statements and to monitor your credit reports for suspicious activity. You can also sign up for the free credit monitoring services described above. Registration instructions are attached to this letter.
For more information. If you have additional questions, please call our dedicated support line at 1-833-676-2235, Monday through Friday, 9:00 a.m. to 9:00 p.m. Eastern Time (excluding U.S. holidays). You can also write to ExecuSearch at: 675 3rd Avenue, 5th Floor, New York, NY 10017.
We sincerely regret any inconvenience this incident may have caused.