Sign up to save your podcasts
Or
Share How HireClick's Data Leak Will Make Job Seekers Vulnerable (Breaking News!)
Share to email
Share to Facebook
Share to X
Share to email
Share to Facebook
Share to X
Or
How HireClick's Data Leak Will Make Job Seekers Vulnerable (Breaking News!)
HireClick experienced a data breach, exposing approximately 5.7 million resumes to scammers, which could potentially enable identity theft and phishing. Job seekers should protect their personal information when applying for jobs. Most people don’t realize how vulnerable their privacy is until it has been compromised.
In this episode, I discuss HireClick and what a data breach could teach us about privacy. It’s vital to remain safe online if job seekers (and everyone else) treat their personal information as an asset. Treat it more like a property, an investment that grows at an eight percent yearly rate, or as a family heirloom.
Here are a few of my points:
* The HireClick breach was discovered after it occurred in February 2025, after CyberNews’ research.
* “The leaked files exposed sensitive and private information of job seekers, mainly resumes.”
* Attackers could leverage information to offer fake jobs, “asking candidates to verify their identity with scabs if IDs, social security numbers, or even banking info to set up direct deposit.
* Job seekers must stop giving too much information, such as a physical address, personal email address, two phone numbers, etc.
* I voiced my concern that companies do not offer choices for information used for employment only, selling data, newsletters, email offerings, etc.
Past employment data breaches.
We can learn from past employment breaches to show how frequently and easily imposters use personal information to commit scams. Job seekers must be more strategic than ever when applying for jobs.
Here is a timeline of significant employment-related data breaches from 2020 to 2025:
2020
Automation Personnel Services (APS) BreachIn 2020, APS experienced a data breach exposing sensitive information such as Social Security numbers and bank details. A $1.375 million settlement was reached, allowing affected individuals to claim up to $5,000 with proper documentation. Wikipedia+2The US Sun+2The Times+2
2023
* MOVEit Data BreachA vulnerability in the MOVEit file transfer software was exploited by the CL0P ransomware group, compromising data from over 2,700 organizations and affecting approximately 93.3 million individuals. The breach impacted various sectors, including healthcare, finance, and government. Wikipedia
* Consumer Financial Protection Bureau (CFPB) BreachIn March 2023, a former CFPB employee transferred confidential information of approximately 256,000 consumers and 45 financial institutions to their email account. The breach involved personally identifiable information and transaction-specific account numbers. Wikipedia
2024
* National Public Data BreachNational Public Data, a data broker specializing in employee background checks, suffered a massive breach impacting 2.9 billion records, including Social Security numbers. The company filed for Chapter 11 bankruptcy on October 2, 2024. Wikipedia
* BBC Pension Scheme BreachThe BBC reported a data breach exposing personal details of over 25,000 current and former staff members, including names, addresses, and national insurance numbers. Bank details and health information were not compromised. The Times
2025
* Legal Aid Agency (UK) BreachIn April 2025, the UK's Legal Aid Agency experienced a cyberattack compromising approximately 2.1 million records, including addresses, birth dates, criminal history, employment status, and financial records dating back 15 years. The breach affected both legal aid recipients and their lawyers. The Sun+3AP News+3Financial Times+3
* Employment Screening Provider BreachIn February 2025, an employment screening provider reported a data breach affecting 3.3 million individuals. The exposed information included names, Social Security numbers, driver's licenses, and financial account details. HR Dive+1The US Sun+1
* Holt Group BreachIn December 2024, Holt Group suffered a data breach attributed to the cybercriminal group Cactus, exposing personal information of 12,455 former employees and others. The stolen data included names, Social Security numbers, and financial details. San Antonio Express-News
These incidents highlight the importance of robust cybersecurity measures in protecting sensitive employment-related data. This list doesn’t include the “Resumelooters” data breach reported in February 2024 or the European employment data breach reported earlier this month.
Common elements that seem to fit
I’m carefully reading this section because I used Perplexity's AI to research similarities in employment data breaches. I sought a deeper understanding of how job seekers can better protect themselves when applying through employment sites.
The short answer is to apply through the company websites, but they also have data breaches. Applicants must be more selective in choosing safer sites and companies that value privacy. I know it sounds like extra work, but personal information is a valuable asset. Everyone should treat it like gold and guard its use as much as possible.
Here are three commonalities employment data breaches have (again, worth looking into):
Employee error
Mistakes are made in the workplace, such as sending sensitive information to the wrong party, using hackable passwords, or mishandling physical files. Disgruntled employees who maliciously intend harm, or careless employees who lack judgment, will handle essential data.
Phishing and smishing attacks
Like job scams, imposters of employees use slick schemes to fool employees into giving them access to the company’s proprietary information or credentials to steal millions or corrupt systems.
Social Engineering
Catching an employee under stress or emotionally is a company vulnerability. Many times, their lack of judgment, awareness, or training creates opportunities for imposters. Breaches often occur with personal identification documentation, payroll data, or access to HR records.
Again, my goal is to help you gain a deeper understanding of breaches and how they happen, which will help you design a safer job search. First, it starts with strategy, then safety. One cannot sustain itself without the other. By having the right mindset, you can be more efficient and safer.
This is a public episode. If you'd like to discuss this with other subscribers or get access to bonus episodes, visit markanthonydyson.substack.com/subscribe
View all episodes
By Mark Anthony DysonHireClick experienced a data breach, exposing approximately 5.7 million resumes to scammers, which could potentially enable identity theft and phishing. Job seekers should protect their personal information when applying for jobs. Most people don’t realize how vulnerable their privacy is until it has been compromised.
In this episode, I discuss HireClick and what a data breach could teach us about privacy. It’s vital to remain safe online if job seekers (and everyone else) treat their personal information as an asset. Treat it more like a property, an investment that grows at an eight percent yearly rate, or as a family heirloom.
Here are a few of my points:
* The HireClick breach was discovered after it occurred in February 2025, after CyberNews’ research.
* “The leaked files exposed sensitive and private information of job seekers, mainly resumes.”
* Attackers could leverage information to offer fake jobs, “asking candidates to verify their identity with scabs if IDs, social security numbers, or even banking info to set up direct deposit.
* Job seekers must stop giving too much information, such as a physical address, personal email address, two phone numbers, etc.
* I voiced my concern that companies do not offer choices for information used for employment only, selling data, newsletters, email offerings, etc.
Past employment data breaches.
We can learn from past employment breaches to show how frequently and easily imposters use personal information to commit scams. Job seekers must be more strategic than ever when applying for jobs.
Here is a timeline of significant employment-related data breaches from 2020 to 2025:
2020
Automation Personnel Services (APS) BreachIn 2020, APS experienced a data breach exposing sensitive information such as Social Security numbers and bank details. A $1.375 million settlement was reached, allowing affected individuals to claim up to $5,000 with proper documentation. Wikipedia+2The US Sun+2The Times+2
2023
* MOVEit Data BreachA vulnerability in the MOVEit file transfer software was exploited by the CL0P ransomware group, compromising data from over 2,700 organizations and affecting approximately 93.3 million individuals. The breach impacted various sectors, including healthcare, finance, and government. Wikipedia
* Consumer Financial Protection Bureau (CFPB) BreachIn March 2023, a former CFPB employee transferred confidential information of approximately 256,000 consumers and 45 financial institutions to their email account. The breach involved personally identifiable information and transaction-specific account numbers. Wikipedia
2024
* National Public Data BreachNational Public Data, a data broker specializing in employee background checks, suffered a massive breach impacting 2.9 billion records, including Social Security numbers. The company filed for Chapter 11 bankruptcy on October 2, 2024. Wikipedia
* BBC Pension Scheme BreachThe BBC reported a data breach exposing personal details of over 25,000 current and former staff members, including names, addresses, and national insurance numbers. Bank details and health information were not compromised. The Times
2025
* Legal Aid Agency (UK) BreachIn April 2025, the UK's Legal Aid Agency experienced a cyberattack compromising approximately 2.1 million records, including addresses, birth dates, criminal history, employment status, and financial records dating back 15 years. The breach affected both legal aid recipients and their lawyers. The Sun+3AP News+3Financial Times+3
* Employment Screening Provider BreachIn February 2025, an employment screening provider reported a data breach affecting 3.3 million individuals. The exposed information included names, Social Security numbers, driver's licenses, and financial account details. HR Dive+1The US Sun+1
* Holt Group BreachIn December 2024, Holt Group suffered a data breach attributed to the cybercriminal group Cactus, exposing personal information of 12,455 former employees and others. The stolen data included names, Social Security numbers, and financial details. San Antonio Express-News
These incidents highlight the importance of robust cybersecurity measures in protecting sensitive employment-related data. This list doesn’t include the “Resumelooters” data breach reported in February 2024 or the European employment data breach reported earlier this month.
Common elements that seem to fit
I’m carefully reading this section because I used Perplexity's AI to research similarities in employment data breaches. I sought a deeper understanding of how job seekers can better protect themselves when applying through employment sites.
The short answer is to apply through the company websites, but they also have data breaches. Applicants must be more selective in choosing safer sites and companies that value privacy. I know it sounds like extra work, but personal information is a valuable asset. Everyone should treat it like gold and guard its use as much as possible.
Here are three commonalities employment data breaches have (again, worth looking into):
Employee error
Mistakes are made in the workplace, such as sending sensitive information to the wrong party, using hackable passwords, or mishandling physical files. Disgruntled employees who maliciously intend harm, or careless employees who lack judgment, will handle essential data.
Phishing and smishing attacks
Like job scams, imposters of employees use slick schemes to fool employees into giving them access to the company’s proprietary information or credentials to steal millions or corrupt systems.
Social Engineering
Catching an employee under stress or emotionally is a company vulnerability. Many times, their lack of judgment, awareness, or training creates opportunities for imposters. Breaches often occur with personal identification documentation, payroll data, or access to HR records.
Again, my goal is to help you gain a deeper understanding of breaches and how they happen, which will help you design a safer job search. First, it starts with strategy, then safety. One cannot sustain itself without the other. By having the right mindset, you can be more efficient and safer.
This is a public episode. If you'd like to discuss this with other subscribers or get access to bonus episodes, visit markanthonydyson.substack.com/subscribe