Information provided by the company to the Maine Attorney General shows that threat actors targeted Robert Half between April 26 and May 16. The incident, discovered on May 31, impacts 1,058 individuals.
“We recently identified suspicious login activity on your RobertHalf.com account that occurred in late April/early May 2022. Upon detection, we required you to reset your account password, and we took steps to strengthen authentication controls for the website,” the company said in a cybersecurity incident notice sent to impacted individuals.
The targeted accounts store information such as name, address, and social security number, as well as wage and tax information. The company noted that bank account numbers for direct deposits are stored in these accounts, but only the last four digits are visible.
Robert Half’s customer notification also advises recipients to change their passwords on other accounts where the same credentials have been used. In addition, it includes other password management recommendations, which also suggest this was a credential stuffing attack.