CRM Platform Bullhorn data of 2M customers for sale, Bullhorn denies breach, claims unnamed third party at fault
Take action: It's unclear whether the compromised data is of Bullhorn customers or not. The wording of the Bullhorn disclaimer is weird, throwing a third party "that integrates with Bullhorn" under the bus, but without naming the third party. If Bullhorn customer data was in a third party system, the reasons for that are unclear.
Learn More
In May 2024, threat actors "wonder" and "almighty4444" claimed to have breached Bullhorn, a major provider of cloud-based customer relationship management software, stealing over three million records. These records purportedly include:
- 2 million records of users associated with companies utilizing Bullhorn’s services.
- 1 million records of the companies themselves.
- Personal details of individuals actively seeking employment.
The data is being sold on hacking forums, with prices negotiable through private message offers.
Bullhorn has dismissed the claims of breach, asserting that their systems were not compromised. According to Bullhorn, the data breach did not impact their systems or data. The stolen data originated from a third-party business that integrates with Bullhorn. This third party has acknowledged the incident and is addressing the situation, with plans to notify affected firms if their data was impacted.
The third party has not been named and any impact on individuals is not clear.
Bullhorn has reported the incident to the appropriate authorities and is fully cooperating with any inquiries.
