Posted On October 13, 2022 Consumer Privacy & Data Breaches
On October 7, 2022, GEE Group, Inc. filed a notice of a data breach with the Office of the Vermont Attorney General after the company experienced a data security incident that compromised sensitive information belonging to certain individuals that was stored on the company’s computer system. Based on the company’s official filing, the incident resulted in an unauthorized party gaining access to consumers’ names, addresses, birth dates and Social Security numbers. After confirming that consumer data was leaked, GEE Group began sending out data breach notification letters to all individuals who were impacted by the recent data security incident.
If you received a data breach notification, it is essential you understand what is at risk. The data breach lawyers at Console & Associates, P.C. are actively investigating the GEE Group data breach on behalf of people whose information was exposed. As a part of this investigation, we are providing free consultations to anyone affected by the breach who is interested in learning more about the risks of identity theft, what they can do to protect themselves, and what their legal options may be to obtain compensation from GEE Group, Inc.
The available information regarding the GEE Group breach comes from the company’s filing with the Vermont Attorney General. According to this source, the company recently detected what appeared to be unauthorized access to its computer system after some of the data stored on its system was encrypted. In response, GEE Group eliminated all unauthorized access, contacted law enforcement, and began working with an outside cybersecurity firm to investigate the incident and determine what, if any, consumer information was leaked as a result.
The company’s investigation confirmed that an unauthorized party gained access to its computer systems and that some of the files contained sensitive information belonging to certain individuals.
Upon discovering that sensitive consumer data was made available to an unauthorized party, GEE Group began to review the affected files to determine what information was compromised and which consumers were impacted. While the breached information varies depending on the individual, it may include your name, address, date of birth and Social Security number.
On October 7, 2022, GEE Group sent out data breach letters to all individuals whose information was compromised as a result of the recent data security incident.
Founded in 1962, GEE Group, Inc. is a staffing company based in Jacksonville, Florida. The company connects qualified applications with temporary or permanent positions within its clients’ businesses. GEE Group provides professional staffing through the names General Employment, Access Data Consulting, Agile Resources, Ashley Ellis, Omni-One, Paladin Consulting and Triad. Gee Group also provides contract and direct hire professional staffing services through the following brands: Accounting Now®, SNI Technology, Legal Now, SNI Financial, Staffing Now, SNI Energy, and SNI Certes. The company also operates Scribe Solutions, a division focused on meeting the scribing needs of healthcare professionals. GEE Group employs more than 271 people and generates approximately $162 million in annual revenue.
In the data breach letter GEE Group sent to victims of the recent data security incident, the company described what appears to have been a ransomware attack. More specifically, the letter notes that the group responsible for the attack encrypted data on the company’s servers. While the letter doesn’t elaborate beyond this, it is very likely that the group of hackers encrypted portions of the GEE Group network and then threatened to publish the stolen data on the dark web if the company did not pay the demanded ransom.
Encryption is a process that encodes files, making them inaccessible to anyone without the encryption key (which is usually a password). Individuals and companies encrypt files every day to protect sensitive data from unauthorized access. However, cybercriminals also use encryption when carrying out certain types of cyberattacks—usually ransomware attacks.
So, while GEE Group did not explicitly state the incident was due to a ransomware attack, it’s a good indication that was the case.
A ransomware attack occurs when a hacker installs malware that encrypts the files on a victim’s computer. When the victim of the attack logs back on to their computer, they receive a message explaining that if they want to regain access to their computer, they must pay a ransom. If the company pays the ransom, the hackers decrypt the files. Generally, hackers keep their word to decrypt files after a company pays a ransom because, if they didn’t, companies would have no incentive to pay a ransom.
However, to increase the pressure on companies, hackers have recently started to threaten to publish the stolen data on the dark web if a company does not pay the ransom. While the FBI advises companies not to pay ransoms following a ransomware attack, companies experiencing a ransomware attack are in a difficult position because many would prefer to quietly pay a ransom to avoid news of the breach becoming public.
Of course, companies can—and should—take preventative action to reduce the risk of a ransomware attack in the first place. For example, training employees about the risks of phishing emails and developing state-of-the-art data security systems are two relatively easy things companies can do to prevent these attacks. Unfortunately, despite the widespread knowledge of the risks of ransomware attacks, many companies fail to devote adequate resources to the prevention of ransomware attacks.
At Console & Associates, P.C., our consumer privacy lawyers monitor all security and data breaches to help affected consumers pursue their legal remedies. We offer free consultations to victims of data breaches and can explain your rights in clear, understandable terms so you can make an informed decision about how to proceed with your case. If you’ve been affected by the GEE Group data breach or any other data security incident, Console & Associates, P.C., will investigate your case at no charge and offer you thorough advice about how to most effectively proceed with your case. If you decide to bring a case, we only get paid if you do. If your claim is successful, any legal fees are either paid by the defendant or come out of the funds recovered from the defendant. If your claim doesn’t result in a recovery, you will pay nothing.
To schedule your free consultation, just call (866) 778-5500 today or fill out our secure contact form.
