HireClick experienced a data breach, exposing approximately 5.7 million resumes to scammers, which could potentially enable identity theft and phishing. Job seekers should protect their personal information when applying for jobs. Most people don’t realize how vulnerable their privacy is until it has been compromised.
In this episode, I discuss HireClick and what a data breach could teach us about privacy. To remain safe online, it’s vital that job seekers (and everyone else) treat their personal information as an asset. Treat it like property, an investment that grows at an eight percent yearly rate, or a family heirloom.
Here are a few of my points:
The HireClick breach was discovered through CyberNews’ research, after it occurred in February 2025.
“The leaked files exposed sensitive and private information of job seekers, mainly resumes.”
Attackers could leverage the information to offer fake jobs, “asking candidates to verify their identity with scans of IDs, social security numbers, or even banking info to set up direct deposit.”
Job seekers must stop giving too much information, such as a physical address, personal email address, two phone numbers, etc.
I voiced my concern that companies do not offer choices for information used for employment only, selling data, newsletters, email offerings, etc.
Past employment data breaches.
We can learn from past employment breaches to show how frequently and easily imposters use personal information to commit scams. Job seekers must be more strategic than ever when applying for jobs.
Here is a timeline of significant employment-related data breaches from 2020 to 2025:
2020
Automation Personnel Services (APS) Breach
In 2020, APS experienced a data breach exposing sensitive information such as Social Security numbers and bank details. A $1.375 million settlement was reached, allowing affected individuals to claim up to $5,000 with proper documentation. (Sources: Wikipedia, The US Sun, The Times)
2023
MOVEit Data Breach
A vulnerability in the MOVEit file transfer software was exploited by the CL0P ransomware group, compromising data from over 2,700 organizations and affecting approximately 93.3 million individuals. The breach impacted various sectors, including healthcare, finance, and government. (Source: Wikipedia)
Consumer Financial Protection Bureau (CFPB) Breach
In March 2023, a former CFPB employee transferred confidential information of approximately 256,000 consumers and 45 financial institutions to their email account. The breach involved personally identifiable information and transaction-specific account numbers. (Source: Wikipedia)
2024
National Public Data Breach
National Public Data, a data broker specializing in employee background checks, suffered a massive breach impacting 2.9 billion records, including Social Security numbers. The company filed for Chapter 11 bankruptcy on October 2, 2024. (Source: Wikipedia)
BBC Pension Scheme Breach
The BBC reported a data breach exposing personal details of over 25,000 current and former staff members, including names, addresses, and national insurance numbers. Bank details and health information were not compromised. (Source: The Times)
2025
Legal Aid Agency (UK) Breach
In April 2025, the UK's Legal Aid Agency experienced a cyberattack compromising approximately 2.1 million records, including addresses, birth dates, criminal history, employment status, and financial records dating back 15 years. The breach affected both legal aid recipients and their lawyers. (Sources: The Sun, AP News, Financial Times)
Employment Screening Provider Breach
In February 2025, an employment screening provider reported a data breach affecting 3.3 million individuals. The exposed information included names, Social Security numbers, driver's licenses, and financial account details. (Sources: HR Dive, The US Sun)
Holt Group Breach
In December 2024, Holt Group suffered a data breach attributed to the cybercriminal group Cactus, exposing personal information of 12,455 former employees and others. The stolen data included names, Social Security numbers, and financial details. (Source: San Antonio Express-News)
These incidents highlight the importance of robust cybersecurity measures in protecting sensitive employment-related data. This list doesn’t include the “Resumelooters” data breach reported in February 2024 or the European employment data breach reported earlier this month.
Common elements that seem to fit
I’m carefully reading this section because I used Perplexity's AI to research similarities in employment data breaches. I sought a deeper understanding of how job seekers can better protect themselves when applying through employment sites.
The short answer is to apply through the company websites, but they also have data breaches. Applicants must be more selective in choosing safer sites and companies that value privacy. I know it sounds like extra work, but personal information is a valuable asset. Everyone should treat it like gold and guard its use as much as possible.
Here are three commonalities employment data breaches have (again, worth looking into):
Employee error
Mistakes are made in the workplace, such as sending sensitive information to the wrong party, using hackable passwords, or mishandling physical files. Disgruntled employees who maliciously intend harm, or careless employees who lack judgment, will handle essential data.
Phishing and smishing attacks
As in job scams, imposters posing as employees use slick schemes to fool employees into giving them access to the company’s proprietary information or credentials, which they use to steal millions or corrupt systems.
Social Engineering
An employee caught under stress or in an emotional state is a company vulnerability. Many times, their lack of judgment, awareness, or training creates opportunities for imposters. Breaches often occur with personal identification documentation, payroll data, or access to HR records.
Again, my goal is to help you gain a deeper understanding of breaches and how they happen, which will help you design a safer job search. First, it starts with strategy, then safety. One cannot sustain itself without the other. By having the right mindset, you can be more efficient and safer.