Hackers have demanded $US50,000 from recruitment firm Drake International to prevent them from publishing a database they claim contains personal information about 300,000 Australian, New Zealand, British and Canadian job seekers.
Using the Twitter account @RexMundi_Anon, the hackers on Wednesday linked to their demand on Pastebin, where they make a claim to have breached a server at the recruitment firm’s Canadian operations last week.
“We gained access to over 300,000 confidential job applicant records, in addition to data related to the company's clients. The data stored inside the website's database relates to candidates located in Australia, New Zealand, the UK and Canada,” they said.
The hackers are threatening to publish the stolen database unless Drake International paid the group $50,000 by the end of this week. They posted the threat after claiming Drake had not responded to their demand and released details of one candidate each from Australia, New Zealand, and Canada to prove they were in possession of the database.
A payment however looks unlikely to happen after Canadian Drake executive Tony Scala, who confirmed the breach on Wednesday to the <i>Financial Post</i>, said it “won’t be blackmailed” and will not negotiate with the hackers.
A log of Drake’s complaint with the Toronto Police Service notes that Drake and its agencies around the world had agreed on not paying the group, according to Databreaches.net.
Drake was cooperating with authorities to ensure the details would be “protected as best they can be”, said Scala, adding that the company intends to contact affected candidates by email.
It’s not known how many Australian candidates’ records were in the stolen database. CSO Australia is waiting for a response from Drake Australia.
Drake’s Scala said the stolen database was “old” and that the breach was “limited in scope”.
Drake has operations in nine countries.