The Qilin ransomware group has claimed responsibility for a massive cyberattack on Cornerstone Staffing Solutions, stealing over 300 GB of sensitive data, including the personal resumes of 120,000 job seekers and internal financial documents.
According to the group’s statement, Qilin listed Cornerstone on its dark web leak site, boasting access to over 1 million stolen files and nearly 24 million individual data points. Exposed materials reportedly include names, addresses, Social Security numbers, emails, phone numbers, employee IDs, and branch details.
Among the leaked files are salary lists, invoices, bank statements, signed NDAs, and 2024 financial plans. Headquartered in San Francisco, Cornerstone Staffing operates across the United States, with offices in California, Michigan, Texas, Maryland, New Jersey, and more. Founded in 2003, the company connects around 10,000 job seekers annually, specializing in technology, logistics, engineering, and sales staffing.
Qilin, which operates under a ransomware-as-a-service (RaaS) model, used a double extortion technique — demanding one payment for decryption and another to prevent public leaks. The group is known to recruit affiliates on Russian-language hacker forums and deliberately avoids attacking CIS countries, suggesting possible Kremlin ties.
In 2025, Qilin became the most active ransomware operation in the world, with over 500 confirmed attacks in the past six months. Its high-profile victims include Habib Bank AG Zurich, MedImpact Healthcare Systems, Volkswagen Group France, Asahi Holdings, and Israel’s Shamir Medical Center.
Analysts report that since its emergence in 2021, Qilin has exfiltrated over 116 terabytes of data, affecting more than 780,000 records globally. The majority of its attacks target US organizations (375), followed by France (41), Canada (39), South Korea (33), and Spain (26).
Qilin has also formed alliances with other ransomware syndicates such as LockBit and DragonForce, creating a networked cyber-crime ecosystem that shares tactics, tools, and stolen data.
The Cornerstone breach underscores how recruiting agencies remain a prime target for cybercriminals due to their vast repositories of personal data. Such databases are treasure troves for phishing, identity theft, and corporate espionage. For modern companies, cybersecurity is no longer optional — it’s the foundation of business trust and survival.
