Strauss Borrelli PLLC, a leading data breach law firm, is investigating Shiftster LLC, which does business as ESHYFT, regarding its recent cybersecurity incident. The ESHYFT cybersecurity incident may impact the privacy of sensitive personal information belonging to an undetermined number of individuals.
ABOUT SHIFTSTER, LLC D/B/A ESHYFT:
ESHYFT is a healthcare staffing company based in New Jersey. Today, ESHYFT provides a mobile application that connects Certified Nursing Assistants, Licensed Practical Nurses, and Registered Nurses to facilities.2 Additionally, the ESHYFT application allows healthcare providers to post shifts, review and accept applicants, and approve timecards.2 Headquartered in Howell, New Jersey, ESHYFT employs over 10 individuals.
WHAT HAPPENED?
Recently, it was reported by an online source that ESHYFT had experienced a cybersecurity incident impacting the privacy of its data. According to this source, a cybersecurity researcher discovered a non-password-protected database that contained thousands of records belonging to ESHYFT.1 The exposed database contained 86,341 records totaling 108.8 GB in size.1 The majority of the documents were contained inside of a folder labeled “App”.1 In a limited sampling of the exposed documents, the researcher noticed records that included profile or facial images of users, .csv files with monthly work schedule logs, professional certificates, work assignment agreements, CVs and resumes that contained additional personal identifiable information.1 One single spreadsheet document contained 800,000+ entries that detailed a nurse’s internal IDs, facility name, time and date of shifts, hours worked, and more.1 Additionally, the database contained what appeared to be medical documents uploaded to the app potentially proof for why individual nurses missed shifts or took sick leave.1 These medical documents included medical reports containing information of diagnosis, prescriptions, or treatments that could potentially fall under the ambit of HIPAA regulations.1 The name of the database as well as the documents inside it indicated that the records belonged to ESHYFT.1
According to the source, after discovering the database the researcher notified ESHYFT of the exposure. In response, ESHYFT thanked the researcher saying, “Thank you! we’re actively looking into this and working on a solution”.1 At this time, it is not known how long these documents were exposed to the public or if anyone else may have accessed the database.1 As of March 18, 2025, ESHYFT has not publicly acknowledged the data exposure or confirmed whether the incident resulted in a data breach.
If you received a breach notification letter from Shiftster, LLC d/b/a ESHYFT:
We would like to speak with you about your rights and potential legal remedies in response to this data breach. Please fill out the form, below, or contact us at 872.263.1100 or sam@straussborrelli.com.
