
Ransomware gang Medusa yesterday claimed an attack against Boyden, an international headhunting firm. Medusa is demanding $2 million in ransom for what it says is 79.3 GB of stolen data, and is giving Boyden eight days to pay it.

Boyden has not confirmed the attack as of the time of writing. Comparitech contacted Boyden for comment and will update this article if it responds.

We don’t yet know what information was involved, how many people were affected, how Medusa allegedly breached Boyden’s systems, or whether Boyden will pay the ransom.

Boyden collects a lot of data about candidates and businesses who want to hire those candidates. According to Boyden’s privacy policy, candidate info might include “name, signature, postal address, email address, telephone number, education, employment, employment history, bank account number, race, color, age (40 years and older), ancestry, national origin, citizenship, religion or creed, medical condition, physical or mental disability, sex (including gender), sexual orientation, current and/or past employment history including performance evaluations, education records, files, documents, and other materials directly related to a student maintained by an educational agency or institution or by a person acting for such an agency or institution, such as grades, transcripts, personal interests, hobbies and background check information (like identity verification, criminal, civil and regulatory judgments, financial and credit checks), health insurance information, information used to create a profile about a candidate reflecting the candidate’s intelligence and abilities or any other details a candidate may choose to share with us.”

All of that data could put candidates at risk of identity theft, medical benefits fraud, tax fraud, scams, and phishing. Comparitech recommends potential victims monitor their accounts, financial statements, and credit reports for signs of fraud.

Who is Medusa?

Medusa first surfaced in September 2019 and debuted its leak site in February 2023, where it publishes stolen data of victims who don’t pay ransoms. Medusa often uses a double-extortion approach in which victims are forced to pay twice: once to decrypt their systems, and once to keep their stolen data from being sold or published.

Medusa has been confirmed as the gang behind 11 attacks in the US so far this year. These include attacks on Water for People, Signature Performance, Inc., Henry County, Traverse City Area Public Schools, Tarrant Appraisal District, the East Baton Rouge Sheriff’s Office, John R. Wood Properties, and Lee University.

Medusa is responsible for 24 confirmed attacks in the US since it began operating, according to our data.

About Boyden

Founded in 1946, Boyden is a leadership and talent advisory firm based in Tarrytown, New York. It operates more than 70 offices in 45 countries, according to its website. According to Boyden’s LinkedIn profile, it employs between 1,000 and 5,000 people.