Recently, the staffing firm ExecuSearch Holdings, LLC, issued a news release indicating that the company experienced a cybersecurity event. Evidently, on February 12, 2021, ExecuSearch noticed some of the company’s systems suddenly became inaccessible. Through a subsequent investigation, ExecuSearch learned that an unauthorized party encrypted some of the company’s systems and removed certain data. As a result, the names and Social Security numbers of more than 42,000 individuals were compromised.
A data breach occurs when a hacker or other criminal actor gains access to sensitive consumer information that is in the possession of a company or organization. Often, hackers target companies they know to have weak or outdated data-security technology. Once a hacker obtains the personal or financial information of consumers, they may use that information to commit identity theft. However, it is also common for a hacker to sell the data to the highest bidder on the black market. Regardless of who ends up with the data, victims of a breach are significantly more likely to experience identity theft. Given the risks, it is imperative anyone who received a data breach letter from ExecuSearch take precautionary steps to protect themselves from the various risks data breaches such as this one present.
Anyone affected by the ExecuSearch data breach has reason to be concerned. In recent years, identity theft crimes have become much more common. In many instances, those committing these crimes obtained consumer data through a data breach.
Companies like ExecuSearch have a duty to protect consumer data. Thus, if it becomes apparent that ExecuSearch mishandled your sensitive information leading up to the data breach, you may be eligible for financial compensation through a data breach class action lawsuit.
Are Consumers Affected by the ExecuSearch Data Breach Entitled to Financial Compensation?
When you signed up with ExecuSearch in hopes of securing a job, you provided the company with your personal information. You willingly gave the company information that you normally take care to keep private. In doing so, you trusted that the company would take your privacy seriously. Certainly, you assumed that they would take the necessary precautions to prevent your sensitive financial and personal information from ending up in the possession of a potential criminal. However, news of this recent data breach raises serious questions about the data-security measures the company had in place at the time of the breach and, potentially, their commitment to consumer privacy.
All businesses that have consumer information in their possession have an ethical and legal obligation to safely maintain this data. To be sure, creating and implementing a data-security system is a burden; however, it is a necessary cost of doing business in an environment where hacking and cyberattacks are common. If a company does not take its consumer privacy duties seriously, it may be liable through a data breach class action lawsuit. Of course, United States data breach laws are complex, and news of this data breach is very recent. There is not yet any evidence that ExecuSearch was negligent in how it handled consumer data. However, our data breach lawyers are looking into the breach to determine what legal remedies affected consumers may have against ExecuSearch.
If you have questions about your ability to bring a class action lawsuit against ExecuSearch, it is essential that you contact a data breach attorney as soon as possible.
What to Do if You Received a Data Breach Notification from ExecuSearch
If you received a data breach letter from ExecuSearch, it means you were among those whose personal data was compromised in the recent data breach. It also means a total stranger may have accessed, viewed, and retained your sensitive personal information. While there is no telling why a hacker wants your information or what they intend to do with it, it is essential you remain vigilant to protect yourself by taking the following steps:
- Carefully read the data breach letter sent by ExecuSearch to determine what information of yours was accessible;
- Make a copy of the letter for your records;
- Enroll in the free credit monitoring service provided by ExecuSearch;
- Change all your passwords and security questions for any online accounts;
- Enable two-factor or multi-factor authentication, where it is available;
- Regularly review your credit card and bank account statements for any signs of suspicious activity;
- Monitor your credit report for any unexpected changes that may be a sign of identity theft;
- Contact one of the major credit bureaus to request they add a fraud alert to your profile; and
- Notify your banks and credit card companies of the data breach.
ExecuSearch (“Execu Search,” “Execu|Search,” or “Execu-Search”) is a direct hire and contract staffing company that connects employers with qualified candidates for open positions. The company also helps corporate clients identify and implement workforce solutions, including securing high-level temporary employees. ExecuSearch has more than 200 employees across the United States and has offices in New York, New York; Melville, New York; Parsippany, New Jersey; Upper Saddle River, New Jersey; Boca Raton, Florida; and Schaumburg, Illinois. As one of the largest staffing firms in the United States, ExecuSearch generates more than $100 million in annual revenue.
The Details of the ExecuSearch Consumer Data Breach
According to the most recent data breach letter issued by ExecuSearch, on February 12, 2021, ExecuSearch realized that some of the company’s systems suddenly were not accessible. A subsequent investigation revealed that an unauthorized party had essentially locked ExecuSearch out of its own system by encrypting certain files. The unauthorized party also removed some files from the company’s network.
Once ExecuSearch learned of the data breach, it conducted a thorough review of all compromised files to identify all affected parties. On January 4, 2022, ExecuSearch completed its investigation, determining that the compromised files contained the names and Social Security numbers of 42,467 individuals.
On January 20, 2022, ExecuSearch sent out data breach notification letters to all affected parties, informing them of the breach and what they can do to protect themselves. In its communication to affected consumers, ExecuSearch notes that there is no indication that the unauthorized party used or intends to use any of the data obtained.
Below is a copy of the initial data breach letter issued by ExecuSearch (the actual notice sent to consumers can be found here):
ExecuSearch Holdings, LLC (“ExecuSearch”) writes to inform you of an incident impacting the security of some of your personal information. While we are unaware of any identity theft or fraud occurring as a result of this incident, this letter provides information about the incident, our response, and resources available to you to help protect your information from potential misuse, should you feel it necessary to do so.
What Happened? On February 12, 2021, ExecuSearch learned of unusual activity impacting the operability of a certain number of its systems. We immediately commenced an investigation to assess the nature and scope of the activity. The investigation determined that an unknown actor encrypted some systems and took certain data on or around February 12, 2021.
Upon discovery, we provided notification to individuals known to be impacted at the time and also commenced an extensive review of all data at risk as a result of this incident to determine the entire population of information potentially impacted and to whom the information related. This extensive review required many thousands of documents to be manually reviewed for sensitive information. Moreover, ExecuSearch diligently searched for address information for impacted individuals. Initial results of the review were completed on December 10, 2021. ExecuSearch continued to analyze these results, utilizing the services of a third-party vendor in an attempt to identify additional address information for impacted individuals. This additional review and identification was completed on January 4, 2022.
What Information Was Involved? Based on our review, the information impacted includes: <> and your first and last name.
What We Are Doing. We take the security of personal information in our care seriously. Upon learning of this incident, we moved quickly to notify law enforcement, assess the security of our systems, reset passwords, and to notify potentially impacted individuals. As part of our ongoing commitment to information security, we have enhanced existing policies and procedures, including adding additional data security software and more broadly implementing multifactor authentication to our network environment. We are also reporting this incident to state regulators, where necessary. Additionally, while we are unaware of any actual or attempted misuse of your information as a result of this incident, we are offering you access to <> months of complimentary credit monitoring and identity restoration services through IDX.
What Can You Do. You can find out more about how to protect against potential identity theft and fraud in the enclosed Steps You Can Take to Help Protect Your Information. We encourage you to remain vigilant against incidents of identity theft and fraud, to review your account statements, and to monitor your credit reports for suspicious activity. You may also enroll in the complimentary credit monitoring services described above. Enrollment instructions are attached to this letter.
For More Information. If you have additional questions, please call our dedicated assistance line at 1-833-676-2235, Monday – Friday, 9:00 a.m. to 9:00 p.m. Eastern Time (excluding U.S. national holidays). You may also write to ExecuSearch at: 675 3rd Avenue, 5th Floor, New York, NY 10017.
We sincerely regret any inconvenience this incident may have caused.