Cyber Incident Victim: PRGX Global

On April 9, 2022, PRGX Global, Inc. detected unauthorized access to portions of its computer systems, rendering them inaccessible. The Atlanta-based business services company immediately secured its network and initiated an internal investigation with assistance from data security specialists. Forensic analysis confirmed that an unauthorized actor had viewed and potentially downloaded certain files during a two-day window between April 8 and April 9, 2022. The compromised files contained sensitive consumer information, though the company did not disclose specific technical details about the attack vector or systems targeted. PRGX completed its review of affected data nearly thirteen months later, determining that exposed information included individuals' names, Social Security numbers, and financial account details. The breach impacted 13,231 consumers according to the company's filing with the Maine Attorney General's office.

PRGX formally notified state authorities about the data breach on May 5, 2023, and began distributing individual notification letters to affected parties the same day. The delayed disclosure timeline between the April 2022 intrusion and May 2023 notifications reflected the duration required for forensic investigation and data review. While the company did not specify containment measures beyond securing its network, the breach exposed victims to heightened risks of identity theft and financial fraud due to the sensitivity of compromised Social Security numbers and banking information. No information was provided regarding whether data appeared on dark web forums or whether attackers made specific demands. The incident affected a global client base across multiple industries served by PRGX's recovery audit and spend analytics services, though the notification did not identify specific corporate clients or business impacts beyond individual consumer data exposure.