Ransomware victim disclosure
← All victimsLStaff / AtWorks Professional Staffing
listed as lstaff.com / atworksprofessional / atworks.com · Claimed by Revil · listed 5 years ago
Status timeline
- ListedSep 9, 2021
- Data leakeddate unknown
At a glance
- Group
- Revil
- Status
- Data leaked
- Country
- United States
- Sector
- Business Services
- Listed on leak site
- Sep 9, 2021
About the victim
AI dossier — public-source company profileLStaff.com and AtWorks Professional Staffing (atworksprofessional.com / atworks.com) appear to be related staffing and workforce solutions entities operating in the United States, providing temporary and permanent placement services to businesses. The combined branding suggests a professional staffing operation serving employers and job seekers across multiple sectors. No further detail is available from the captured site content.
- Industry
- Staffing & Workforce Solutions
Attack summary
Severity: high — A staffing firm holds significant volumes of PII for both job candidates and client employees (names, SSNs, employment history, financial data); REvil reaching the data_published stage confirms exfiltration, making this high severity. Insufficient evidence to elevate to critical without confirmed regulated-data (e.g., medical or government) exposure at scale.REvil ransomware group claimed an attack on the victim and has progressed to the data_published stage, indicating exfiltration and likely publication of stolen data. No specific data volume or ransom demand was captured in the available post.
Data the group says was taken
AI dossier — extracted from the leak post- Employee records
- Client business data
- Candidate personal information
- HR and payroll data
Sources
- Victim sitelstaff.com
Source
Indexed 5 years agoThis page surfaces a public ransomware disclosure indexed by Darkfield. Original posts come from the operator's own leak site; we cross-check against ransomware.live, RansomLook and RansomWatch where applicable. Share this URL freely.
Is this your supplier? Your competitor? You?
Pro plans monitor your domain, corporate emails, and crypto wallets across every new ransomware leak-site post, breach dump and Telegram callout — alerts within 5 minutes.

