Cyber Incident Victim: North Highland Company
Date: Jun 2022
Location: United States of America
Summary
The North Highland Company, a management consulting firm, experienced a ransomware attack resulting in unauthorized access to sensitive employee data. The breach exposed personal and financial information of current and former employees, including names, Social Security numbers, addresses, bank account details, payroll records, dates of birth, contact information, background checks, employment screening data, performance records, and health-related information. Following an investigation with third-party security experts, the company confirmed that attackers exfiltrated files containing this data and subsequently notified affected individuals. The incident impacted over 5,000 employees across multiple industries served by the organization.
Description
On June 6, 2022, The North Highland Company, LLC detected a ransomware attack that compromised its network, leading to unauthorized access to sensitive employee data. The Atlanta-based management consulting firm immediately launched an investigation with assistance from third-party data security experts to assess the breach's scope. By June 28, 2022, forensic analysis confirmed that attackers had exfiltrated files containing personal information belonging to current and former employees. The company conducted a comprehensive review of the compromised files to identify affected individuals and specific data elements exposed. Impacted records included names, Social Security numbers, tax identification numbers, physical addresses, bank account details, payroll information, personal email and phone contacts, dates of birth, employment screening documentation, performance records, health-related information, and benefits data. North Highland finalized breach notifications by July 7, 2022, mailing detailed letters to all impacted parties explaining the incident timeline and categories of exposed information. The breach affected employees across the company's global operations spanning consulting services for energy, healthcare, financial services, and retail sectors.

The incident exposed highly sensitive personnel records from a workforce exceeding 5,000 employees at the $1 million-revenue firm. Attackers employed ransomware tactics consistent with 2022 trends targeting mid-sized organizations, though the company did not disclose whether data was held for ransom or published. Security analysts observed a broader industry pattern during this period in which ransomware operators adjusted demands to target smaller entities, with median payments dropping 51% to $36,000 compared to previous quarters. North Highland's breach notification process emphasized the risks of identity theft and financial fraud stemming from the combination of stolen data. The company did not report operational disruptions to client services but confirmed the attackers successfully removed employee records from corporate systems. No evidence suggested client data compromise beyond employee information. The incident reflected persistent ransomware threats facing professional services firms managing sensitive personnel documentation across multiple jurisdictions.
