Talent Path Information

Unauthorized Access to Talent Path Server

 

The Jobscience Talent Path service experienced a cyber attack, resulting in a data hack by an unauthorized third party that we learned about in August 2018. The Talent Path service is used largely by healthcare organizations to manage their talent acquisition process, and customers were promptly notified about the breach. The Talent Path service is a completely separate offering that is not related to the Jobscience Salesforce offering and wasn’t for the staffing industry. While the Jobscience team stopped selling the service to new customers years ago, it is still in use by some customers.

 

The compromised server housed data submitted by job applicants like names, contact information, and in some cases social security numbers and similar identification data. We believe the hacker also obtained the means to decrypt any data that had been encrypted prior to being stored on the server.  

 

Upon discovering that the server had been hacked, we took prompt corrective measures:

  • Our IT professionals undertook to completely patch the affected server to ensure it had the most up-to-date security in place. They also reviewed existing scripts to ensure that all malicious content was removed, and initiated a forced password reset to provide that any passwords that had been compromised could not be used to further access the system. 
  • In addition, the affected server is currently subject to ongoing assessments of the security environment and increased levels of review to ensure the appropriate security controls remain in place and functioning. Our IT professionals have also confirmed that other Jobscience servers were unaffected by the hack.
  • The Talent Path service is now being managed under Bullhorn’s Business and Technology Organization, ensuring that it now and in the future adheres to the same best-in-class security standards that have long governed Bullhorn’s core products.
  • We conduct regular scans and testing of our systems to detect and patch vulnerabilities.

 

This incident is of profound concern to us and we have been working closely with affected customers to minimize any impact from this incident.  Also, customers of the Jobscience Salesforce offering and the Bullhorn platform can be confident that their data was not affected by the incident and that Bullhorn’s products are protected by best-in-class security standards and procedures that have long governed our offerings.