Data Breaches Continue to Be a Major Concern for Companies and Their Workforces

Data breaches are costly and damaging, exposing a company to significant fines, class-action lawsuits and reputational damage. T-Mobile, Equifax, Facebook, Marriott, Fortinet, and many others have paid hundreds of millions of dollars in class-action lawsuits.  

Data breaches have been on the rise for several reasons: 

  1. Improper configuration of cloud services can leave sensitive information exposed. 
  2. Ransomware is increasing in sophistication, making it easier for cybercriminals to encrypt data and demand payment for its release. 
  3. Third-party vendors with weaker security measures are often used to gain access to larger organizations. 
  4. Weak or stolen passwords make it easier for hackers to gain unauthorized access. 
  5. Sensitive data is often accessed through vulnerabilities in poorly written software and network systems. 

As data breaches have become increasingly common, malicious actors are not just targeting large companies. Staffing agencies and their supporting organizations have also fallen victim to significant data breaches.

Recently, DISA Global Solutions, a third-party firm that provides employment screening services including drug and alcohol testing and background checks, reported a data breach that affected more than 3.3 million individuals. The exposed data may include names, Social Security numbers, driver’s license numbers, other government ID numbers, and financial account information. This breach is believed to have occurred between February and April 2024.

A 2023 breach at Automation Personnel Services, a US-based temporary staffing agency, exposed 440GB of sensitive data, including accounting and payroll information. This incident highlights the importance of ensuring that all employees, including temporary ones, follow strict security protocols.

In 2021, Robert Half, a global staffing firm, suffered a data breach that compromised the personal information of both employees and clients. The breach involved unauthorized access to sensitive data, including names, addresses, and Social Security numbers.

Contingent Workforce Vulnerabilities

Contingent (aka temporary) workers can pose unique challenges when it comes to data security:

  1. Contingent workers frequently need access to sensitive systems and data, which increases the number of potential entry points for cybercriminals.
  2. Temporary staff may not receive the same level of cybersecurity training as permanent employees, making them more susceptible to phishing attacks and other social engineering tactics.
  3. Many organizations engaging staffing agencies to provide temporary workers do not verify the quality of the agencies’ security measures.
  4. Temporary workers might not be as invested in the company’s long-term security practices, potentially leading to careless handling of sensitive information.
  5. Temporary workers, including agency contractors, independent consultants, and project-based services teams, are more likely to work remotely, introducing an additional level of cyber risk.

nextSource Perspective

Best practices to follow when engaging contingent personnel include:

  • Before hiring temporary staff, perform comprehensive background checks to ensure they have a trustworthy history.
  • Implement role-based access controls to restrict unnecessary access and verify that contingent workers are only granted access to the data and systems they need to perform their job.
  • Establish clear guidelines for granting, managing, and terminating access for contingent staff. This includes setting expiration dates for access and regularly reviewing permissions.
  • Ensure that contingent personnel receive the same level of cybersecurity training as permanent employees. This includes training on recognizing phishing attempts, safe data handling practices, and company-specific security protocols.
  • Regularly monitor and audit the activities of contingent personnel to detect any unusual or unauthorized access.
  • Add an extra layer of security by requiring contingent personnel to use multi-factor authentication for accessing sensitive systems.
  • Ensure that any devices used by contingent personnel are secure.

By following these practices, companies can significantly reduce the risk of data breaches involving contingent personnel.