Shiftster dba ESHYFT Data Breach Lawsuit Investigation
Shiftster dba ESHYFT has confirmed an unauthorized access incident involving an Amazon Web Services (AWS) S3 bucket used by its healthcare-staffing app. If you received a breach notice dated August 5, 2025, you could qualify for legal remedies and identity-protection assistance. Contact our data-breach team today to discuss your rights and potential claim.
Key Facts
- Incident type: Unauthorized access to AWS S3 storage used by the ESHYFT mobile app
- Total individuals affected: 10 (reported to the Massachusetts Attorney General)
- Discovery date: March 12, 2025
- Consumer notifications mailed: August 5, 2025
- Regulatory filing: Massachusetts on October 17, 2025
- Exposed data elements: name, date of birth, address, vehicle identification number, certain health information (no Social Security numbers)
Timeline of Events
March 12, 2025 – Unauthorized Access Detected
Shiftster became aware that an online AWS S3 bucket used to store data for the ESHYFT app had been accessed without authorization. The alert came from an individual identifying as a “cyber security researcher.”
Post-Discovery Actions
The company immediately secured the bucket and launched an internal investigation to assess the scope of exposure.
August 5, 2025 – Consumer Notice Issued
After a “diligent review” of the compromised files, Shiftster began sending written notifications to affected users explaining what information may have been involved.
October 17, 2025 – Regulatory Filing
Shiftster filed an official breach report with the Massachusetts Attorney General, confirming 10 impacted Massachusetts residents.
Information Exposed
According to the company’s notification, the following personal data may have been subject to unauthorized access:
- Name
- Date of birth
- Physical address
- Vehicle Identification Number (VIN)
- Certain health information
No evidence suggests Social Security numbers were stored in the compromised bucket.
Company Response
Shiftster states it:
- Secured the AWS S3 bucket immediately after learning of the incident.
- Launched an investigation to determine the scope of exposure.
- Notified impacted individuals and relevant regulators “in an abundance of caution.”
What You Can Do
The breach notice recommends the following preventive measures:
- Remain vigilant and monitor financial and medical accounts for unusual activity.
- Place fraud alerts or security freezes with credit bureaus if necessary.
- Promptly report any suspicious transactions or suspected misuse of personal information.
Company Overview
Shiftster LLC, operating as ESHYFT, provides on-demand staffing solutions for nursing professionals through its mobile application.
- Website: eshyft.com
- Headquarters: 4579 U.S. 9, Howell, NJ, United States
- Year founded: 2017
- Industry: Healthcare Staffing
- Employees: 11–50
- Social profiles: Facebook | X | Instagram | LinkedIn
Frequently Asked Questions
How many people were affected by the Shiftster dba ESHYFT data breach?
The Massachusetts Attorney General filing lists 10 affected individuals.
What personal information was exposed in the ESHYFT breach?
Potentially exposed data includes name, date of birth, address, vehicle identification number, and certain health information.
Has Shiftster offered free credit monitoring?
The notice does not mention complimentary credit monitoring. Impacted users are advised to remain vigilant and consider placing fraud alerts or security freezes.
Why am I receiving a letter months after the incident?
The company completed a detailed review of the compromised files to identify affected individuals before mailing notices on August 5, 2025.
Can I file a lawsuit against Shiftster for the data breach?
Possibly. Data-breach litigation can help recover costs associated with identity protection and future risk. Contact our legal team to discuss eligibility.