PeopleCheck Data Breach: Ransomware Group Claims to Steal 4.3 GB of Data

On June 28, 2025, PeopleCheck discovered a major data breach affecting personal information processed for clients between June 2024 and June 2025. The breach was traced to threat actors who gained unauthorized access using compromised login credentials.

Shortly after, on July 7, 2025, PeopleCheck notified its client With Intelligence that their candidates’ and employees’ data may have been impacted. By July 11, 2025, the company confirmed that specific personal information had been accessed and identified the individuals affected.

The Everest ransomware group publicly claimed responsibility for the attack, announcing on their dark web site on Tor network on June 23, 2025, that they had exfiltrated 4.3 GB of SQL data from PeopleCheck’s systems.

The stolen data includes comprehensive client profiles, such as names, email addresses, postal addresses, phone numbers, birth dates, passwords, profile pictures, IP addresses, and two-factor authentication tokens. Additionally, detailed invoice records containing payment details, pricing, discounts, and company IDs were compromised. The attackers threatened to publish the data within seven to eight days if their demands were not met.

For individuals whose data was processed by PeopleCheck on behalf of With Intelligence, the following personally identifiable information (PII) was exposed: name, email address, internal reference name, date of birth, phone number, birth city, Social Security number, gender, mother’s name, and share code.

This breach is considered severe due to the sensitive nature of the information accessed, the volume of data involved, and the confirmed involvement of a ransomware group known for publishing stolen data if ransom demands are unmet.

On July 21, 2025, With Intelligence Ltd. confirmed its data was involved in the breach.

PeopleCheck's response

In response to the breach, PeopleCheck promptly engaged forensic investigators to assess the scope and impact of the incident. The company worked closely with affected clients, including With Intelligence, to identify impacted individuals and provide timely notifications. PeopleCheck has coordinated with With Intelligence to notify all affected employees and candidates, enabling them to take protective measures.

Recognizing the seriousness of the breach, PeopleCheck is offering affected individuals complimentary access to identity monitoring and credit monitoring services through Kroll, a global leader in risk mitigation and response. These services are available for 24 months and include Web Watcher (monitoring internet sites for exposed identity information), credit monitoring (alerting individuals to changes in their credit data), fraud consultation (unlimited access to Kroll fraud specialists), and identity theft restoration (assistance from a dedicated investigator in the event of identity theft).

Impacted individuals are encouraged to enroll in these services by emailing customercare@peoplecheck.com to receive an activation code, then visiting Kroll’s enrollment portal. Enrollment must be completed by Oct. 31, 2025. For further support, Kroll’s UK Support team can be reached at 0800-046-5453 or UKSupport@Kroll.com.

Additionally, affected individuals should remain vigilant by monitoring their credit reports, reviewing account statements for unauthorized activity, and considering placing fraud alerts or security freezes with the major credit bureaus. Resources and contact information for Equifax, Experian, and TransUnion are provided in the official notification. Guidance from the Federal Trade Commission and state attorneys general is also available for those seeking further protection or who believe they are victims of identity theft.