Indiana recruitment firm notifies 52K of data breach compromising SSNs, medical, and financial data

Indiana headhunting firm Leaders Staffing over the weekend confirmed it notified 51,929 people of a January 2024 data breach that compromised names, Social Security numbers, driver’s license numbers, financial account information, and medical information.

Ransomware group Play claimed responsibility for the attack in February, saying it stole confidential data, client documents, budget, IDs, payroll, taxes, and financial info.

leaders staffing play ransomware

Leaders Staffing has not verified Play’s claim. We don’t yet know whether Leaders Staffing paid a ransom, how much Play demanded, or how attackers breached Leaders’ network. Comparitech contacted Leaders Staffing for comment and will update this article if it responds.

The notice sent by Leaders Staffing to victims states, “On January 11, 2024, Leaders Staffing became aware of unusual activity in its network.[…] Leaders Staffing’s network was subject to unauthorized access on January 11, 2024, and that certain files were potentially accessed by an unknown actor who accessed the network.”

Leaders staffing is offering victims 12 months of free credit monitoring via CyberScout.

Who is Play Ransomware?

Like most ransomware gangs today, Play is known for double-extortion attempts that force victims to pay twice: once to decrypt systems, and again in exchange for not selling or publicly releasing stolen data.

Play has claimed 39 confirmed ransomware attacks so far in 2024, affecting more than 101,000 records. This attack on Leaders Staffing is its largest yet.

Play also recently attacked US manufacturer Hartz Mountain, which issued data breach notices to 7,740 people late last week about a Play attack that took place in March 2024. Play’s other recent victims include Bel-Air Bay Club, OzarksGo, and Sree Hotels.

Play claimed another 247 attacks that haven’t been acknowledged by victims, according to our data.

Ransomware attacks on the US service industry

Aside from data theft, ransomware attacks often lock down computer systems to make them unusable until a ransom is paid for a key to decrypt them. This can disrupt business operations and cause downtime until systems are restored.

Comparitech has logged 33 attacks in 2024 on US-based service companies. Play’s attack on Leaders Staffing is the second-largest following an attack on another headhunting firm, TRC Talent Solutions. TRC saw 160,000 records compromised.

Other recently confirmed ransomware attacks on the US service industry include those on Diversified Global Graphics Group and Find Great People (another headhunting firm). Another 292 such attacks have been claimed by ransomware groups but not confirmed by targets.

About Leaders Staffing

Founded in 2005, Leaders Staffing is a job recruitment firm with seven physical locations in Northeast Indiana. At time of writing, there are no jobs posted on its website, and its search service LeadersSearch.com is unavailable.