Alltech Consulting Services Suffers Data Breach, Impacting Thousands of Job Seekers
Cybersecurity expert Jeremiah Fowler uncovered an unsecured database containing sensitive information on approximately 200,000 professionals seeking employment in the technology sector. The breach is linked to Alltech Consulting Services, a firm specializing in the recruitment of IT professionals for employers in the United States and Canada.
Over 2.3 million records were publicly accessible. The folder contained personal data on roughly 216,000 candidates, including names, phone numbers, email addresses, the last four digits of Social Security numbers, passport numbers, and work visa information. Additionally, the database included internal notes on candidates’ qualifications, work experience, and desired positions.
Based in New Jersey, Alltech Consulting Services partners with over a thousand companies to recruit IT and engineering talent. After notification of the breach, public access to the database was restricted the following day. However, the company did not respond to the disclosure. It remains unclear whether the company managed the unencrypted database directly or through a third-party contractor, as well as the duration of its public exposure.
The records also contained employer information, including company names, contact details, and notes on candidates’ salary expectations and willingness to relocate. A significant portion of the files noted candidates’ possession of H-1B visas—a non-immigrant visa enabling U.S. companies to hire foreign specialists in technical fields.
Projections estimate that approximately 377,500 job openings will be available annually in the computer and IT sector between 2022 and 2032. Tech professionals are among the highest-paid, earning an average of over $100,000 per year—substantially above the U.S. median salary of $48,060 in 2023.
Highly paid specialists may become attractive targets for cybercriminals. Access to passport numbers and partial Social Security numbers, combined with educational, employment, and income data, could facilitate targeted phishing campaigns.
Statistics indicate a rise in employment-related fraud. In the U.S., losses from fraudulent job offers between 2019 and 2023 totaled $737 million. According to the Federal Trade Commission, employment fraud cases increased by 110% in 2023 compared to 2022, when job seekers lost approximately $367 million. The average loss per person is estimated at $12,000.
H-1B visa holders are particularly vulnerable, as foreign specialists require official sponsorship from a U.S.-based employer to work in the country. This dependence on sponsoring companies may render visa holders more susceptible to fraudsters who promise employment assistance and the handling of necessary documentation. Malicious actors could also exploit the obtained data for fraudulent schemes involving immigration services.
