The Job Shop, a nationwide staffing and employment agency, suffered a ransomware attack by the PEAR group, resulting in a massive data breach. The attackers accessed a company server and exfiltrated 135 GB of sensitive data, including personally identifiable information (PII), protected health information (PHI), financial records (W-2 forms for 2018–2020), client details, vendor data, and full email correspondence. The breach exposed names, addresses, and Social Security numbers of thousands of individuals, though the exact count remains undisclosed. The stolen data was publicly leaked on a dark web Tor site, confirming a ransomware-driven exfiltration and extortion scheme. The company acknowledged the inability to determine the full scope of compromised W-2 forms, heightening risks of identity theft, financial fraud, and long-term reputational damage. In response, The Job Shop offered 24 months of free credit monitoring, identity theft protection, and up to $1M in insurance coverage to affected individuals, while notifying regulatory bodies like the Massachusetts Attorney General’s office. The incident underscores severe operational, financial, and trust-related consequences for the agency and its stakeholders.
Source: https://www.claimdepot.com/data-breach/the-job-shop-2025
TPRM report: https://www.rankiteo.com/company/the-job-shop-staffing
"id": "the2592325093025",
"linkid": "the-job-shop-staffing",
"type": "Ransomware",
"date": "6/2018",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization's existence"{'affected_entities': [{'customers_affected': 'Thousands (exact number '
'undisclosed)',
'industry': 'Human Resources',
'location': 'Nationwide (U.S.)',
'name': 'The Job Shop',
'type': 'Staffing/Employment Agency'}],
'customer_advisories': ['Offer of 24 months free credit monitoring (Equifax '
'Credit Watch Gold).',
'Guidance on fraud alerts, credit freezes, and '
'phishing awareness.'],
'data_breach': {'data_exfiltration': 'Yes (135 GB leaked on dark web)',
'file_types_exposed': ['W-2 Forms (PDF/Document)',
'Financial Records',
'Emails',
'Partner/Vendor Databases'],
'number_of_records_exposed': 'Thousands (exact number '
'undisclosed)',
'personally_identifiable_information': ['Names',
'Addresses',
'Social Security '
'Numbers'],
'sensitivity_of_data': 'High (SSNs, financial, health, and '
'employment data)',
'type_of_data_compromised': ['PII (Names, Addresses, SSNs)',
'PHI',
'Financial Records',
'Tax Documents (W-2 Forms)',
'Email Correspondence',
'Partner/Vendor Data']},
'date_detected': '2025-08-14',
'date_publicly_disclosed': '2025-09-29',
'description': 'The Job Shop, a nationwide staffing and employment agency, '
'experienced a major data breach on Aug. 14, 2025. A '
'ransomware group known as PEAR claimed responsibility, '
'leaking 135 GB of data, including financial records, PII, '
'PHI, partner/vendor data, client information, and email '
'correspondence. The breach exposed W-2 forms (2018–2020) '
'containing names, addresses, and Social Security numbers, '
'potentially affecting thousands of individuals. The company '
'is offering 24 months of free credit monitoring and identity '
'theft protection services to affected parties.',
'impact': {'brand_reputation_impact': 'High (Public data leak on dark web, '
'potential loss of trust)',
'data_compromised': ['Personally Identifiable Information (PII)',
'Protected Health Information (PHI)',
'Financial Records',
'W-2 Forms (2018–2020)',
'Partner/Vendor Data',
'Client Information',
'Email Correspondence'],
'identity_theft_risk': 'High (SSNs, names, addresses exposed)',
'legal_liabilities': 'Potential (Massachusetts AG notified; '
'state/federal disclosures required)',
'systems_affected': ['Server containing W-2 forms and sensitive '
'data']},
'initial_access_broker': {'data_sold_on_dark_web': 'Yes (135 GB leaked on '
'PEAR’s dark web site)',
'high_value_targets': ['Server with W-2 forms and '
'sensitive data']},
'investigation_status': 'Ongoing (unable to confirm full scope of W-2 form '
'compromise)',
'motivation': 'Financial (Ransomware/Extortion)',
'post_incident_analysis': {'corrective_actions': ['Credit monitoring for '
'affected individuals',
'Regulatory disclosures']},
'ransomware': {'data_exfiltration': 'Yes (135 GB leaked)',
'ransomware_strain': 'PEAR'},
'recommendations': ['Sign up for free credit monitoring/identity theft '
'protection (Equifax Credit Watch Gold).',
'Monitor credit reports and financial accounts for '
'unusual activity.',
'Be alert for phishing attempts using exposed PII.',
'Consider placing a fraud alert or credit freeze with '
'major credit bureaus.'],
'references': [{'source': 'The Job Shop Breach Notification (Company '
'Website)'}],
'regulatory_compliance': {'regulatory_notifications': ['Massachusetts '
'Attorney General '
'(disclosed '
'2025-09-29)',
'State/Federal '
'disclosures (as '
'required)']},
'response': {'communication_strategy': ['Mail notifications to affected '
'individuals',
'Disclosure to Massachusetts Attorney '
'General',
'Public advisory on company website'],
'incident_response_plan_activated': 'Yes (Third-party IT vendor '
'involved)',
'remediation_measures': ['Notification to affected individuals '
'(mail)',
'Credit monitoring/identity theft '
'protection (24 months via Equifax '
'Credit Watch Gold)'],
'third_party_assistance': 'Yes (IT services vendor, Equifax for '
'credit monitoring)'},
'stakeholder_advisories': 'Notification letters mailed to affected '
'individuals; public advisory on company website.',
'threat_actor': 'PEAR (Ransomware Group)',
'title': 'The Job Shop Data Breach and Ransomware Attack (2025)',
'type': ['Data Breach', 'Ransomware Attack']}