In what may be a series of connected incidents, RNN is reporting multiple cyber-attacks on the industry, with the hackers potentially using the information to game state unemployment systems.

Chicago-based job board CareerBuilder has been having significant, and ongoing, issues with service interruptions since late last week. Sections of the site are still inaccessible, including hiring.careerbuilder.com. Word from the Chad & Cheese podcast points to a security breach resulting in a ransomeware issue. CareerBuilder also offers an ATS - which is in use by multiple companies - that has been impacted by the attacks as well.

We have confirmed that the company is calling on former workers with deep knowledge of the platform to return after layoffs, on a contract basis. These include: developers, ops, product, and IT. The goal is to save the platform and secure it against future attack.

Similarly, Yardley, PA-based ATS/ CRM/ Career Site platform GR8 People has been plagued with issues since late last Thursday night (the same timing as CareerBuilder). According to customers, the ATS system has been down for a week as of this writing. "I spent the week having to dig through thousands of Indeed Direct Applies", according to one recruiting leader. There are unconfirmed reports of attacks against other cloud-based technologies which work in the employment and staffing industries.

RNN has reached out to CareerBuilder, as well as GR8 People, for comment.

Why This Matters to You

At issue for many is how many people have - over the years - supplied the long-running job site and its associated brands their personally identifiable information (PII). With this information, hackers can game state unemployment systems with fraudulent claims. This trend has been growing rapidly since the onset of the pandemic and the mass-layoffs triggered by global lockdowns. The highest reported month for attacks so far occurred in July. Once Chicago-area resident recently had his account hacked and lost access to his unemployment. When pressed for information on how it happened, the Illinois Department of Employment Security responded:‍

Unemployment fraud throughout the COVID-19 pandemic has been a major national issue, with bad actors across the globe attempting to exploit this crisis to take advantage of state unemployment systems and those receiving benefits. This is particularly true for the federal Pandemic Unemployment Assistance program that was hastily designed at the federal level with states left on their own to build a system and implement. There are ongoing federal and state investigations aiming to crack down on this fraud and IDES is committed to working with law enforcement at all levels to hold bad actors accountable.

Josh Akers, Managing Director at HR technology consulting firm Akers Advisors, suspects these could be related to attacks which have been ongoing against state workforce systems since the spring. "All states are facing workforce system attacks at the claimant levels, and the unemployment insurance case management and payment systems. Attackers are attempting (and have in some cases succeeded) to flood the systems with fraudulent unemployment claims. If they can pilfer jobseeker PII [personally identifiable information] from private sector job boards, they can weaponize that info in the public workforce systems to file fake unemployment claims." Adding to this, the volume of PII available in corporate ATSs, and the data becomes highly useful to this type of hacker.

According to Etay Maor is Chief Security Officer at IntSights: "The COVID-19 pandemic is far from over. Threat actors are collecting, buying, and selling data and are educating and collaborating with each other to profit off this worldwide crisis. With current government systems stressed to their limits, this type of fraud is becoming easier and more profitable for cybercriminals."

Andrew Gadomski of Aspen Analytics says: "Cybersecurity should be on the top 5 initiatives for any TA leader during 2021 given the reliance on virtual recruiting tools and systems".

"Plus, along with selling the data, they [hackers] get paid the ransom by the private sector job board/ATS," added Akers.

This is an ongoing story, and will be updated as we learn more.