Human Resources information is one of the most commonly exposed assets in cyberattacks, according to a new report from Lab 1.

The study reviewed over 141 million individual file records from 1,297 ransomware and data breach incidents. The findings are alarming: HR data appeared in 81.7% of breaches, making it one of the most frequently compromised data types.

The compromised information often includes payroll records, resumes, and other personally identifiable information (PII). Recruitment data was also widely affected, present in 58% of breaches, and typically included names, addresses, and contact details.

“The fact that HR data was found in 82% of the analyzed breaches should be a top concern for all company leaders, from the CHRO to the CISO,” said Robin Brattel, Co-founder and CEO of Lab 1, in a statement to HRD.

The risks are not theoretical. It has been revealed that Coca-Cola suffered a data breach in September 2017, but law enforcement requested the company delay disclosure while the incident was under investigation.

The breach occurred when a former employee took a hard drive containing the personal data of about 8,000 Coca-Cola employees.

A Coca-Cola representative confirmed:

“We are issuing data breach notices to about 8,000 individuals whose personal information was included in computer files that a former employee took with him when he left the company. We do not have any information to suggest that the information was used to commit identity theft.”

While there was no evidence of malicious use, the company warned affected employees to remain vigilant.

This case illustrates the sensitivity of HR-related data, and the real-world risks organizations face when employee information is compromised.

The Lab 1 report warns that breaches containing HR-related content are highly valuable for AI-enabled exploitation. Because HR files often include narrative-rich documents such as resumes and cover letters, they can be weaponized to:

• Create synthetic identities
• Develop deep-fake content
• Launch voice-clone phishing attacks

Such data significantly increases the risk of advanced social engineering and psychological operations, particularly in highly regulated industries.

With phishing attempts often impersonating HR or colleagues and AI-generated deep-fake people on the rise, the threat to employees is escalating.

According to Brattel, protecting HR-related data requires both technical security and behavioral discipline.

“HR leaders and CISOs need to present an active and united front to embed day-to-day cyber discipline, rather than relying solely on training or policy documents,” he told HRD.

Brattel stressed that employee protection should be prioritized on par with customer data security.

“Creating an environment of shared accountability and steady action will help organizations build the trust and protection that’s important to their employees and their reputation,” he said.

Experts recommend that organizations conduct regular cyber health checks to stay ahead of evolving threats. These assessments identify weaknesses across technical, non-technical, and physical assets, and provide actionable recommendations to reduce risks and strengthen resilience.

With data breaches ranking as the second-biggest threat to organizations behind cyberattacks, the urgency to establish robust and adaptive cybersecurity regimes has never been greater.

ASE Connect

ASE partners with SensCy to provide ASE members with access to comprehensive cybersecurity solutions tailored to meet the unique challenges facing small and medium-sized organizations today. For more information, contact Dana Weidinger. Take the complimentary SensCy cybersecurity assessment here.

Sources: hcamag.com, itgovernance.co.uk