Cyber Incident Victim: Robert Half

Between April 26 and May 16, 2022, threat actors targeted customer accounts on Robert Half's RobertHalf.com platform through suspicious login activity. The staffing firm detected this unauthorized access on May 31, 2022, subsequently identifying 1,058 affected individuals across its customer base. Attackers exploited compromised credentials—likely obtained from prior unrelated breaches—to attempt account access, suggesting a credential stuffing attack methodology. Upon discovery, Robert Half immediately required password resets for impacted accounts and implemented enhanced authentication controls across its website infrastructure. The compromised accounts contained sensitive customer information including full names, physical addresses, Social Security numbers, wage details, and tax documentation. While direct deposit bank account numbers were stored in these accounts, only the last four digits were visible through the platform interface.

Robert Half initiated customer notifications on June 14, 2022, disclosing the potential exposure of personal and financial data despite lacking conclusive evidence that attackers successfully exfiltrated or downloaded information. The company provided affected individuals with two years of complimentary identity monitoring services through Experian as a protective measure. Internal containment actions focused on credential security enhancements and forced password resets to disrupt ongoing unauthorized access. In its breach notification letters, the firm explicitly advised customers to update passwords reused across other online services, reinforcing the credential-based attack vector. The incident did not involve confirmed compromise of Robert Half's internal corporate systems according to available disclosures, with impact confined to customer portal accounts accessed through stolen authentication credentials.