Ransomware victim disclosure
← All victimsWorkforce Junction
listed as Hanna Global Solutions · Claimed by Killsec · listed 1 year ago
Status timeline
- ListedApr 1, 2025
- Data leakeddate unknown
At a glance
- Group
- Killsec
- Status
- Data leaked
- Country
- United States
- Sector
- Business Services
- Listed on leak site
- Apr 1, 2025
About the victim
AI dossier — public-source company profileWorkforce Junction is a boutique technology partner specializing in custom employee benefits administration solutions for small and mid-sized businesses (the 'smiddle market'). They provide benefits platforms, ACA management, and related HR technology services with a relationship-first approach, serving benefit advisors and employer clients across the United States.
- Industry
- Employee Benefits Administration Technology & Services
Attack summary
Severity: medium — Disclosed status indicates data_published, suggesting exfiltration occurred. The company handles employee benefits and HR data at scale across multiple clients, which could include PII. However, no specific proof files, data volume, or confirmation of sensitive data categories are documented in the available post excerpt.The killsec group claims to have attacked Hanna Global Solutions / Workforce Junction and published data. No specific details about the type of attack (encryption, exfiltration, or both) or data categories are provided in the available leak post excerpt.
Data the group says was taken
AI dossier — extracted from the leak post- employee benefits records
- employer client data
- potentially PII from benefits administration systems
What the group claims
N/A
Sources
Source
Indexed 1 year agoThis page surfaces a public ransomware disclosure indexed by Darkfield. Original posts come from the operator's own leak site; we cross-check against ransomware.live, RansomLook and RansomWatch where applicable. Share this URL freely.
Is this your supplier? Your competitor? You?
Pro plans monitor your domain, corporate emails, and crypto wallets across every new ransomware leak-site post, breach dump and Telegram callout — alerts within 5 minutes.

