Cornerstone Staffing Solutions is assessing a cybersecurity incident after the Qilin ransomware group claimed it stole a large volume of internal data, including resumes belonging to job seekers. The group published samples on its leak site and said the cache contains roughly 300GB of files. Qilin also claimed the material includes personal information drawn from more than one hundred thousand resumes, along with additional internal documents. Cornerstone, a staffing firm based in the San Francisco Bay Area with offices across the United States, has not publicly confirmed the scope of the breach.
Files posted by Qilin include documents labeled as resumes that appear to contain names, addresses, phone numbers, and email details. Some samples also contain Social Security numbers and employee identification numbers, although it is not clear whether these belong to candidates, current employees, or both. Other material shown by the group includes invoices, sales records, bank information, and non-disclosure agreements. Cybersecurity analysts reviewing the samples note that the content is consistent with data held by staffing agencies and could be used for identity theft or targeted fraud.
Staffing and recruitment firms hold extensive personal information because they collect resumes, employment histories, and background screening data. Industry specialists warn that these firms can face the same level of targeting as larger employers but may not have equivalent security resources. Candidate data is particularly attractive to threat groups because it includes accurate personal and professional details that can be used to craft convincing phishing messages. Attackers may also use the information to target organisations that eventually hire affected candidates.
Qilin operates a ransomware service that allows affiliated groups to conduct attacks and share a portion of the proceeds. The group has been active across multiple sectors this year, including manufacturing, logistics, and financial services. Its recent campaigns often involve data theft followed by publication on leak sites, even when victims do not engage with ransom demands. Security researchers note that once data is posted, it may spread to other criminal groups or be resold on underground marketplaces.
Cornerstone’s public website states that the company works with more than ten thousand job seekers each year and supports sectors such as logistics, transportation, manufacturing, and technology. Because of the nature of its business, the firm routinely stores resumes, onboarding forms, and payroll-related information. Analysts say that any confirmed breach affecting this type of data would require a careful review of notification obligations under state privacy laws.
The incident highlights a broader trend in which threat groups target organisations that collect and store personal information at scale. Recruitment agencies, payroll processors, and human resources service providers hold extensive data sets linked to multiple companies. A compromise at one firm may expose information that belongs to several employers and job seekers. Security advisers recommend that staffing firms evaluate system segmentation, data access controls, and third-party risk processes to reduce exposure to similar incidents.
Cornerstone has not issued detailed public guidance for affected individuals. Cybersecurity experts say that anyone whose resume or personal documents were stored with a staffing agency should monitor accounts for unusual activity and remain cautious of unsolicited messages that reference past employment or job applications.