
Cyber Incident Victim: Collabera

Date: Jun 2020

Location: United States of America

Summary

Collabera, a global IT staffing and services firm, experienced a ransomware attack involving unauthorized network access, data exfiltration, and file-encrypting malware deployment. Attackers stole sensitive employee information including names, addresses, Social Security numbers, passport details, and employment records, creating significant identity theft risks. The Maze ransomware group claimed responsibility for the breach. The organization restored systems from backups, initiated an investigation with external experts and law enforcement, and provided affected personnel with two years of credit monitoring services through Experian. While no confirmed fraudulent use of stolen data was reported, employees were advised to monitor financial accounts for suspicious activity.


Description

On June 8, 2020, Collabera detected malware on its network consistent with a ransomware attack, prompting immediate restoration of access to backup files and initiation of an internal investigation. By June 10, the investigation revealed unauthorized actors had exfiltrated employee data from the company's systems, though the full scope remained under review. The stolen information included employees' names, addresses, contact details, Social Security numbers, dates of birth, employment benefits data, and passport/immigration visa documents – comprehensive personal identifiers enabling identity theft. The Maze ransomware group, known for data exfiltration and corporate extortion tactics, publicly claimed responsibility for the breach in June 2020. Collabera's internal memo, issued in mid-July and signed by HR Senior Director Mike Chirico, confirmed these details to staff while noting no evidence of fraudulent data misuse had been identified.


The incident impacted Collabera's global workforce of over 16,000 employees, with compromised data posing long-term identity theft risks despite the company's assessment that records hadn't been actively weaponized. In response, Collabera engaged external cybersecurity experts and law enforcement agencies to conduct forensic analysis and incident remediation. The company implemented credit and identity monitoring services through Experian for affected employees, offering two years of coverage with an enrollment deadline of October 31, 2020. Employees were advised to vigilantly monitor financial statements for unauthorized transactions and report suspicious activity to both financial institutions and Experian. Collabera maintained business operations by restoring systems from backups but faced reputational and operational challenges as a major IT staffing firm handling sensitive employee and client data.
