The attackers have leaked one file, a zip archive of about 38MB, and appear to be waiting for the company to approach them for ransom discussions.
Randstad is a huge operation and pulled in revenue of €23.7 billion (A$38.68 billion) in 2019.
The company was founded in the Netherlands and now operates in five continents. Of itself it says: "In 2019, we helped more than two million candidates find a meaningful job with our 280,000 clients. Furthermore, we trained more than 350,000 people.
|
|
In response to an inquiry, the company said it had recently become aware of malicious activity in its IT environment and launched an internal investigation, with third-party cyber security and forensic experts being hired to assist.
"Prompt global action was taken to mitigate the incident while further protecting Randstad’s systems, operations and data," a spokeswoman said. "As a result, a limited number of servers were impacted. Our systems have continued running without interruption and there has not been any disruption to our operations.
"Based on our current investigation there is no indication that any third-party systems were impacted. Relevant regulatory authorities and law enforcement agencies have been notified.
"To date, our investigation has revealed that the Egregor group obtained unauthorised and unlawful access to our global IT environment and to certain data, in particular related to our operations in the US, Poland, Italy and France.
"They have now published what is claimed to be a subset of that data. The investigation is ongoing to identify what data has been accessed, including personal data, so that we can take appropriate action with regard to identifying and notifying relevant parties.
"The protection of our client and talent data is our highest priority and we are dedicating significant resources to deal with this regrettable incident. Unfortunately, Randstad is not alone in this situation as cyber criminals have become increasingly sophisticated and aggressive in recent months, resulting in many organisations suffering such attacks."
Randstad was founded in 1960 and is headquartered in Diemen, the Netherlands.
Contacted for comment, ransomware researcher Brett Callow, who works for the New Zealand-headquartered security outfit Emsisoft, said: "Egregor is rapidly racking up a long list of victims. In fact, their rate of 'customer acquisition' is quite unprecedented.
"This is likely not because they're super-good or have been super-busy, but because Maze's former partners have signed up to their affiliate program and taken a list of pre-comprised and ready-to-be-exploited networks with them.
"In fact, it may not only be Maze's former partners who've moved across: Egregor may well have been created by the same set of criminals who created Maze (old ransomware operators never die, they simply rebrand – and then sell all the data they'd promised to destroy!)."
