Shiftster Data Breach Lawsuit

Shiftster LLC (“Shiftster”), the operator of ESHYFT, a technology platform connecting nurses with long-term care facilities, has reported a data incident that may have exposed certain personal information. While there is currently no evidence that the exposed information has been or will be misused, Shiftster is taking steps to address the breach, notify impacted individuals, and help protect their personal data.

Shiftster LLC’s Data Breach Investigation

On March 12, 2025, Shiftster became aware that one of its online storage systems, an AWS S3 bucket used for the ESHYFT app, was accessed without authorization. The breach was initially discovered when a self-identified cybersecurity researcher alerted the company to the suspicious activity. After an immediate investigation, Shiftster confirmed that the breach had occurred, though there is no indication that anyone other than the researcher accessed or viewed the affected data.

Shiftster quickly took action to contain the breach and mitigate any potential impact on its users. The company then initiated a thorough investigation into the scope of the incident and began implementing measures to prevent future incidents. As a precaution, Shiftster is notifying affected individuals about the breach, providing them with the information they need to take steps to protect their personal information.

When Did This Breach Occur?

The breach occurred between March 12, 2025 and the discovery of the incident on the same day. Shiftster immediately initiated a response plan upon learning of the unauthorized access.

What Information Was Breached?

The investigation determined that the following types of personal information may have been exposed:

• Name
• Date of birth
• Address
• Vehicle identification number
• Certain health information

It’s important to note that Social Security numbers were not impacted by this incident. While the breach potentially exposed sensitive data, there is no evidence to suggest that any personal information has been misused.

What We Are Doing and What You Can Do

Shiftster has taken several steps to address the breach and protect its users:

1. Investigation and Security Measures: Shiftster launched an investigation immediately upon learning of the breach and worked to secure the affected data. The company is also enhancing its security measures to prevent future incidents.
2. Notifications: Impacted individuals were notified, and Shiftster is offering them complimentary identity protection services to help safeguard their personal information.
3. Fraud Protection Recommendations: In light of the increasing frequency of data breaches, Shiftster encourages individuals to remain vigilant and take steps to protect their personal data.

Here are actions you can take to further safeguard your information:

• Monitor Accounts: Regularly check your bank and credit card statements for any suspicious activity or unauthorized charges.
• Place Fraud Alerts: Consider placing fraud alerts with the major credit bureaus (Equifax, Experian, and TransUnion) to notify lenders to take extra precautions when verifying your identity.
• Freeze Your Credit: You can place a credit freeze with the credit bureaus to prevent anyone from opening new accounts in your name without your permission.
• Report Suspicious Activity: If you notice any suspicious activity on your financial accounts or credit reports, immediately report it to your bank or credit card provider.
• Review Free Credit Reports: Obtain free annual credit reports from the three major credit bureaus to review your credit history and spot potential fraudulent activities.

Shiftster has also provided a toll-free call center and a dedicated website where individuals can ask questions and get more details on protecting their personal information.

File a Data Breach Lawsuit Against Shiftster