Rex Mundi has hacked and dumped data from Temporis, a French employment/recruitment agency.
As they have done in the past, the hackers issued a statement and announced the data dump on Twitter, where they currently post as @rexmundi15:
Last week, we hacked the servers of Temporis, allegedly France’s largest network of franchised temp work agencies (www.temporis-franchise.fr). From their website, we downloaded a trove of confidential data, which include their clients list as well as a massive list of thousands of profiles belonging to job applicants. What is interesting about this list is the fact that it contains both the applicants’ email addresses and user-generated passwords. Since a lot of people re-use the same passwords from site to site, these credentials could allow anyone to log in to the job applicants’ email accounts or other services. We offered Temporis not to release their data in exchange for 20,000EUR. They never replied and we therefore published their data today.
Temporis’ database dump can either be downloaded from our dark web website or from the following URL: [redacted by DataBreaches.net]
If you are a Temporis client or one of the people who applied for a job through their website, one thing should be clear to you now: your privacy is not even worth 20,000EUR to Temporis.
Rex Mundi
DataBreaches.net e-mailed Temporis to request a statement about the claims and to ask whether they were notifying those affected. A Temporis spokesperson responded that all their users were notified of the privacy breach, and that all accounts involved in the hack (about 24,000) have been modified.
Temporis also issued a press statement, a copy of which they sent to DataBreaches.net. The press release – if I am translating it correctly – states that Temporis learned of the breach on January 19 when Rex Mundi contacted them. It also says that they do not collect any bank details or social security account numbers from job applicants and that applicants’ CVs are secure.