Everest Ransomware Gang Names Allegis Group on Dark Web Claiming Client Lists

Everest ransomware gang claims Allegis Group documents and client lists were taken; screenshots show spreadsheets of 135,000 and 426,000 lines, and researchers warn of phishing risks.

    Allegis Group, one of the world’s largest talent management firms, has been named on the dark web by the Everest ransomware gang, which claims to have accessed internal company documents and client lists. The US-headquartered recruiter — estimated to generate nearly $10 billion in yearly revenue and parent to Aerotek, TEKsystems, MarketSource and other units — was posted on Everest’s leak site as a recent victim.

    Dark Web Post Shows Limited Previews of Alleged Stolen Files

    Cybernews researchers reviewed the Everest post and found the gang published only a narrow preview of the alleged haul: two screenshots that appear to be Excel sheets. According to the researchers, one screenshot lists client names, email addresses and phone numbers and is said to contain 135,000 lines. A second screenshot of similar data reportedly contains 426,000 lines. The attackers also claim possession of “internal company documents,” but did not publish document samples beyond the two images.

    Researchers Warn Contact Lists Could Fuel Phishing Campaigns

    Cybernews’ team said the visible screenshots look like client contact datasets and noted the risk that such records could be used in targeted phishing or social-engineering campaigns. The researchers also highlighted text in the post mentioning a “huge variety of personal documents,” but said the gang provided no samples of those materials. “These documents could potentially be more dangerous than just contact info included in the visible screenshots,” the research team said.

    Ransomware Cartel Uses Chunked Leaks to Pressure Victims

    The Everest post follows a familiar playbook in which ransomware groups publish small samples of stolen data to increase pressure on victims. Leaking information incrementally is a common tactic designed to nudge organizations toward paying a ransom by demonstrating possession of files while keeping most material off the public record.

    Everest Ransomware Gang Has Long Record of High-Profile Claims

    Everest, a group first observed in 2021 and believed by many investigators to have ties to Russia, has a history of high-profile intrusions. The gang gained attention after posting a claim about an October 2022 attack on AT&T and later published data tied to Coca-Cola’s Middle East division and the Crumbl cookie chain. Cybernews’ dark web monitoring tool, Ransomlooker, indicates Everest has claimed responsibility for attacks on at least a hundred organizations in the past 12 months, placing it among the more active ransomware cartels.

    Allegis Group Size and Operations Noted As Possible Source of Large Datasets

    Allegis Group operates globally through multiple subsidiaries and provides staffing, talent management and workforce solutions. The firm’s reported annual revenue is close to $10 billion, and it serves a broad client base across industries. The scale of Allegis and its many business units may explain the large line counts claimed in the screenshots, if the files are genuine.

    Allegis Group has not publicly confirmed the authenticity of Everest’s post or detailed what data — if any — was accessed. The researchers and reporters who reviewed the leak say only limited previews were shown. We have reached out to Allegis Group for comment and will update this story if the company responds.
