HR warned to beware ‘cheater lists’ after Ashley Madison hack

An IT security firm is warning Canadian HR teams to dust off their suicide prevention manuals and prepare for HR department-focused scams

An IT security firm is warning Canadian HR teams to dust off their suicide prevention manuals and watch out for scams targeting their departments.
 
The records of over 30 million people using Ashley Madison were recently released by hackers, which included work and personal email addresses.
 
We Live Security has said HR could be targeted with scams masterminded by ‘ethically-challenged’ entrepreneurs looking to cash in on leaked data.
 
The firm said HR in particular should watch out for anyone contacting them with offers of access to data that is specifically relevant to their firm or company.
 
“Look for HR (human resources) departments to be targeted with offers of ‘cheater lists’,” We Live Security’s Stephen Cobb said in an online statement.
 
The firm said offers of cheater lists and other access to leaked data are likely to be fraudulent, ‘not to mention illegal’, and HR should warn their employees.
 
HR could also be facing a range of employee behaviors in response to the leaks, We Live Security claims, including the possibility of a spate of resignations.
 
“Some people may feel obliged to quit their jobs if their connection to Ashley Madison is revealed,” Cobb said.
 
“Depending on their role in your organization, this could have a serious impact on productivity, morale, corporate knowledge, and so on.”
 
The firm also said human resources needed to be ready to confront the possibility of suicide in the workplace, with suicides already reported.
 
“A good HR department will already have processes and resources related to suicide prevention. Now is a good time to refresh those and let employees know that help is available,” Cobb said.
 
“Also consider a communication to managers and supervisors, alerting them to the facts of the situation and urging alertness for signs of employees in distress.”
 
The HR-focused threats came in tandem with other more broader organizational issues, like the potential of phishing scams or blackmail.
 
We Live Security recommended that companies communicate with their employees to inform them of the possible security threats ahead of time.
 
“Regardless of what you think about the Ashley Madison website and business model, the staggeringly irresponsible actions of the person or persons who illegally distributed this stolen data have created real threats to corporate well-being to which we need to respond calmly but effectively,” Cobb said.