Threat actors known as “wonder” and “almighty4444” have claimed to breach Bullhorn, a leading provider of cloud-based software for the staffing and recruitment industry. The alleged Bullhorn data breach, which reportedly occurred in May 2024, involves more than 3 million records.
According to reports circulating on various cybersecurity forums, the database of Bullhorn is now purportedly up for sale. However, the company has denied the claims, stating that the Bullhorn systems are secure and were not impacted.
Alleged Bullhorn Data Breach Claimed by the Hackers:
The compromised data in alleged Bullhorn data breach includes:
- 2 million records of users associated with companies using Bullhorn’s infrastructure.
- 1 million records of the companies themselves.
- Personal information of individuals actively seeking employment.
The threat actors have claimed that the data is available for purchase, with the price negotiable through private message offers.
The Cyber Express team reached out to Bullhorn officials for verification of the breach claims.
In response, a Bullhorn spokesperson told TCE, “We are aware of reports concerning a data security incident allegedly involving the Bullhorn database. After completing an assessment, we found that the incident did not involve Bullhorn.”
The spokesperson clarified that the threat actor’s claim was false and did not impact Bullhorn systems. “We want to emphasize that this incident did not affect our systems or data in any way.”
Bullhorn informed TCE that the incident involved another business that integrates with Bullhorn.
“There was an incident involving another business that integrates with Bullhorn. The company has acknowledged the incident, is actively addressing the situation, and will notify firms if their data was impacted. We have notified the appropriate authorities and are cooperating fully with any inquiries. As always, we remain committed to the security and privacy of our data.
Bullhorn’s Industry Standing
According to the official website of Bullhorn, for the past 25 years, the company has established itself as a cornerstone in the staffing and recruitment industry. The company, which generated an annual revenue of $750 million as of May 2024, prides itself on delivering industry-leading, cloud-based software solutions.
Bullhorn’s clientele includes 10,000 customers worldwide, supported by a global workforce of 1,400 employees across 14 countries. Headquartered in Boston and founder-led, Bullhorn has built a reputation for excellence in customer service and deep domain expertise in recruitment best practices.
Cybersecurity Landscape in the Recruitment Industry
The recruitment and staffing industry has become a prime target for cybercriminals due to the valuable personal and professional data it handles. Recent statistics indicate a worrying trend:
- Increased Phishing Attacks: The industry has seen a 35% rise in phishing attacks over the past year.
- Inadequate Cybersecurity Measures: Only 25% of businesses in the beauty industry, which shares similar vulnerabilities with the staffing sector, have dedicated cybersecurity teams.
- Growing Concern Among Executives: 55% of industry executives believe cyber threats will significantly impact future business growth.
- Frequent Data Breaches: 45% of companies in related industries experienced a data breach in the last year, with an average cost of $3.86 million per breach.
With the response from Bullhorn officials sent to TCE, the claims regarding a Bullhorn data breach have been confirmed as false. The Cyber Express team continues to monitor the situation closely and will provide updates as more information becomes available.