Cyber Incident Victim: Turnover-it

On or around December 15, 2020, attackers compromised the recruitment portal Turnover-it, which specialized in IT industry hiring. The breach involved unauthorized access to internal company data, which was subsequently advertised for sale on a black market forum accessible via the web. Cybersecurity monitoring service ZATAZ identified the stolen dataset in early 2021, confirming its availability through direct observation of the illicit marketplace listing. The attacker claimed responsibility for exfiltrating the data during mid-December 2020 and offered it for commercial distribution. The compromised information included personally identifiable information (PII) such as full identities, physical addresses, email addresses, telephone numbers, dates of birth, and website URLs. Technical credentials including IP addresses and hashed passwords were also among the stolen assets. The breach impacted over 190,000 individuals whose data resided on Turnover-it's systems.

The exfiltrated data comprised 17 separate files ranging in size from 2 kilobytes to 354 megabytes, indicating a substantial volume of records. Analysis revealed significant concentrations of email addresses from major providers, including over 100,000 Gmail accounts, approximately 8,000 Free.fr addresses, and nearly 7,000 Orange/Wanadoo accounts. This distribution suggested widespread exposure of French users alongside international contacts. The attacker publicly marketed the dataset as containing recruitment-related information, though the exact method of initial network intrusion remained unspecified in available reports. No details regarding Turnover-it's internal detection mechanisms, containment procedures, or post-incident remediation efforts were disclosed in the observed source material. The exposure of hashed passwords introduced potential credential-based attack risks, while the PII breadth created opportunities for identity theft and targeted phishing campaigns against affected individuals.