The Computer Merchant, an IT staffing firm, suffered a ransomware attack in July 2024 attributed to the Play ransomware gang, which exfiltrated sensitive data. The breach compromised 34,127 individuals' names and Social Security numbers, along with client documents, payroll, accounting records, budgets, and contracts though the company initially denied data theft until January 2025, when stolen data was publicly leaked. The delay in notification (over a year for some victims) exacerbated risks, prompting the firm to offer free credit monitoring and a $1M insurance policy to affected parties. Play’s double-extortion model (demanding ransom for decryption *and* to prevent data leaks) aligns with its history of targeting sectors like healthcare, finance, and manufacturing. The attack’s scale part of Play’s 163 confirmed breaches (1.4M+ records compromised) highlights systemic vulnerabilities in staffing firms, with operational disruption, reputational harm, and long-term fraud risks for victims. The company’s late detection and response further intensified the fallout, underscoring gaps in cybersecurity resilience.
TPRM report: https://www.rankiteo.com/company/the-computer-merchant
"id": "the357082425",
"linkid": "the-computer-merchant",
"type": "Ransomware",
"date": "7/2024",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization's existence"{'affected_entities': [{'customers_affected': 34127,
'industry': 'Staffing/Recruitment',
'location': 'Norwell, Massachusetts, USA',
'name': 'The Computer Merchant',
'type': 'IT staffing firm'}],
'customer_advisories': ['Free credit monitoring enrollment (deadline: '
'2025-11-19)',
'$1 million insurance policy for eligible victims'],
'data_breach': {'data_exfiltration': 'Claimed by Play ransomware gang '
'(unverified by The Computer Merchant)',
'file_types_exposed': ['documents',
'spreadsheets (budget/payroll)',
'contracts'],
'number_of_records_exposed': 34127,
'personally_identifiable_information': ['names',
'Social Security '
'numbers'],
'sensitivity_of_data': 'High (includes SSNs and confidential '
'business documents)',
'type_of_data_compromised': ['personally identifiable '
'information (PII)',
'financial records',
'business documents']},
'date_detected': '2024-07',
'date_publicly_disclosed': '2025-01',
'description': 'IT staffing firm The Computer Merchant confirmed a July 2024 '
'data breach that compromised the names and Social Security '
'numbers of 34,127 individuals. The ransomware gang Play '
'claimed responsibility, stating it stole private and personal '
'confidential data, including client documents, budget, '
'payroll, accounting, and contracts. The company did not '
'verify Play’s claims regarding the extent of the breach or '
'whether a ransom was paid. Notification to victims was '
'delayed until January 2025, with credit monitoring and a $1 '
'million insurance policy offered to eligible individuals.',
'impact': {'brand_reputation_impact': 'Potential reputational damage due to '
'delayed notification and data exposure',
'data_compromised': ['names',
'Social Security numbers',
'client documents',
'budget records',
'payroll data',
'accounting records',
'contracts'],
'identity_theft_risk': 'High (SSNs compromised)'},
'initial_access_broker': {'data_sold_on_dark_web': 'Claimed by Play '
'(unverified)',
'high_value_targets': ['client documents',
'payroll/accounting data']},
'investigation_status': 'Ongoing (initial investigation in July 2024; updated '
'in January 2025 after public data claim)',
'motivation': ['financial gain (ransom)', 'data theft for extortion/sale)'],
'post_incident_analysis': {'corrective_actions': ['Credit monitoring for '
'victims',
'Insurance policy '
'offering']},
'ransomware': {'data_exfiltration': 'Claimed by Play (unverified)',
'ransomware_strain': 'Play'},
'references': [{'source': 'Comparitech'},
{'source': 'The Computer Merchant breach notice to victims'}],
'response': {'communication_strategy': ['Victim notification letters',
'Public disclosure (via breach '
'notice)',
'Media outreach (Comparitech '
'contacted for comment)'],
'incident_response_plan_activated': 'Yes (investigation '
'conducted in July 2024, '
'updated in January 2025)',
'remediation_measures': ['Offered free credit monitoring',
'Provided $1 million insurance policy '
'to victims']},
'threat_actor': 'Play ransomware gang',
'title': 'The Computer Merchant Data Breach (July 2024)',
'type': ['data breach', 'ransomware attack']}