Employment agency that suffered data breach says most stolen data is from fake profiles

Protemps Employment Services had its data stolen and deleted on Oct 4 and the stolen data was uploaded online three days later. PHOTO: DESORDEN GROUP

SINGAPORE - An employment agency that suffered a data breach earlier this month has issued a statement acknowledging the incident, but said it never received any ransom demand to recover the data.

In its first comments on the attack, Protemps Employment Services said on Wednesday (Oct 27) that most of the stolen data was from fake profiles.

Protemps' entire server had its data stolen and deleted on Oct 4, and the stolen data was uploaded online three days later.

The hackers claiming the attack called themselves Desorden Group.

The data purportedly contained the personal details of about 40,000 people who had submitted job applications to the company.

However, Ms Dorothy Neo, the managing director of Protemps, told The Straits Times on Wednesday that the actual number of people affected was less than that claimed by the hackers.

She said most of the purported details were from fake resumes sent to the company through spam accounts, and that only 2,500 real applicants were affected.

Of these, she said only 300 profiles contained "full details", including education background, salaries, contact numbers and addresses.

Desorden Group had made a video showing the stolen files and databases and which carried a warning to Protemps to "think carefully".

However, Ms Neo said Protemps neither received nor paid any ransom demand, which is usually the reason for such data theft.

"There was no ransom note sent to our vendor or Protemps to pay any amount to secure the release of data on our website," she said.

"Protemps is committed to support our customers as we resolve this incident."

She added that Protemps, which has an office at Paya Lebar Square, has contacted those affected to notify them of the breach.

The hackers, known as Desorden Group, said they were behind the attack on Oct 4, 2021. PHOTO: DESORDEN GROUP

The Personal Data Protection Commission was alerted to the incident, which was reported by The Straits Times on Oct 21, and investigations are ongoing.

Ms Neo had initially declined to comment, but said she was choosing to do so now as the company's working relationship with clients had been affected.

Desorden Group is known to target organisations related to supply chains.

Its name is Spanish and translates into "disorder and chaos".

The data stolen from Protemps had been accessed by more than 60 entities when the breach was reported last week.

It has since been accessed by about 120 entities.

Join ST's Telegram channel and get the latest breaking news delivered to you.