Cyber Incident Victim: Adecco Group
Date:
Mar 2021
Location:
Switzerland
Summary
A major HR and staffing firm experienced a data breach exposing approximately 5 million records from six Latin American countries. The incident stemmed from an Apache Cassandra database left publicly accessible with default credentials, compromising personal information including names, email addresses, marital status, dates of birth, and hashed passwords. The leaked data, offered for sale on a hacking forum before removal, poses risks of spear phishing, spam campaigns, and credential-based attacks.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
In early December 2023, a threat actor advertised a database containing approximately 5 million records from Adecco Group’s Latin American operations on a hacking forum. The compromised data originated from six countries: Peru, Brazil, Argentina, Colombia, Chile, and Ecuador. The database was listed for sale with a claimed creation year of 2021, suggesting the breach occurred around that time. Analysis revealed the data resided in an Apache Cassandra database management system configured with default credentials, a critical security oversight that left it publicly accessible. The forum post was abruptly removed shortly after publication, potentially indicating a rapid sale of the stolen data. Cybersecurity researchers identified three primary data categories within the exposed records: “Candidatos_datos_personales” containing names, gender, marital status, birth dates, and country information for 4.5 million individuals; “Candidatos_candidatos_by_email” with 3.7 million entries of names, email addresses, geographic data, IDs, creation dates, and bcrypt-hashed passwords (using a cost factor of 10); and “Candidatos_login” comprising 5.3 million records with similar personal identifiers and system metadata.
This incident represented Adecco’s second significant data exposure within four years, following a 2019 breach involving compromised biometric data of 2,000 Belgian employees through third-party vendor Suprema ID Inc. The 2021 breach exposed substantially more records across multiple jurisdictions, though the organization had not publicly acknowledged or verified the incident’s validity as of December 2023. Forensic evidence indicated the database’s accessibility resulted from inadequate credential management rather than sophisticated attack methods. The stolen personal information created substantial risks for affected individuals, including targeted spear-phishing campaigns, spam communications via email and phone, and credential-stuffing attacks against other online accounts using recycled passwords. Historical patterns suggested threat actors could leverage the exposed data for identity theft schemes and financial fraud, though no specific evidence of such misuse was confirmed in the available reporting.