Alltech Consulting Services leaks data of 216k people
Learn More
A significant data leak is discovered and reported by researcher Jeremiah Fowler, involving Alltech Consulting Services, a New Jersey-based IT recruitment company that connects technology professionals with employers across the United States and Canada.
The leak occurred due to a non-password-protected database that was publicly accessible. The database was secured the day after the responsible disclosure notice was sent, though no reply was received from Alltech. The database exposed a total of 2,317,157 records, affecting approximately 216,000 job seekers. Exposed Data types include
- Names
- Phone numbers
- Email addresses
- Last four digits of Social Security Numbers
- Passport numbers
- Work authorization visa status
- Internal notes about experience and qualifications
- Job preferences and relocation willingness
- Salary expectations
- Work history
- Employer details (company names, contact information)
- H-1B visa status indicator
The leak particularly affects H-1B visa holders, who may be at increased risk due to their visa-dependent status. The exposed population includes high-value targets (technology professionals with average salaries above $100,000).
It's unclear whether the database was managed directly by Alltech or a third party, and how long was it exposed online.
The database access has been restricted, but without an internal forensic audit, the full extent of the exposure and potential access by malicious actors remains unknown.
