Everest Group - What Happens When Your HR System Becomes Your Weakest Link?

Everest Group, is an old name in cyber extortion and now it is rewriting the rulebook for modern cybercrime. It has come into spotlight as the group has launched a wave of attacks spanning healthcare giants, construction conglomerates, and even Coca-Cola — and its target isn’t payment systems or IP. It’s people, their data, their records.

In May alone, Everest advertised nine new breaches across the Middle East, Africa, Europe, and North America. Can you guess what was their target - HR records — rich with personally identifiable information (PII), scanned passports, salary details, and internal employee directories. The biggest breach hit Coca-Cola, exposing nearly a thousand employee files.

What ties these attacks together? Investigators at VenariX found a common thread in each breach: SAP SuccessFactors, the cloud-based HR platform, and more specifically, a third-party integrator known as INK IT Solutions.

Everest group has successfully exfiltrated deeply personal data from South Africa’s Mediclinic Group to Abu Dhabi’s Department of Culture and Tourism (DCTA), and even Jordan Kuwait Bank, and now demanding ransom amid the threat to release it publicly. For DCTA alone, 12GB of HR records are at risk, including birth and marriage certificates, PHI, and government-issued IDs. DCTA's site briefly went dark. Everest’s own site now displays a countdown, expiring June 1.

How many other companies depend on third-party vendors to manage their most sensitive employee data? How many SuccessFactors profiles are just a lateral movement away from becoming the next headline? As INK IT Solutions remains silent, and SAP declines to comment, one question cuts through the fog:

When trust in cloud HR systems collapses, what happens to the trust inside the company?