Monster.com data theft “worse than predicted”
USAjobs.gov.site targeted by Monster hackers
The hackers that broke into the Monster.com recruitment website in July have also hacked into the US government jobs website, USAjobs.gov.site, a government spokesperson has revealed. Monster operates the website for the government.
About 146,000 job seekers have had their personal information stolen using the same Trojan program, run out of the Ukraine, that compromised the Monster.com site. The stolen information stolen included names, mailing addresses, phone numbers and email addresses. Social security numbers, which are encrypted in the database, were not compromised.
The US government discovered the breach when a site user submitted a fraudulent email on July 20. Access to the site will be restricted until Monster completes it efforts to secure system security.
After the breach of the Monster.com site, the hackers, using personal information from the recruitment firm’s client database, have been posing as potential employers or Monster.com employees to contact victims in a bid to extract bank account details and passwords.
Details of the Monster.com breach were discovered only after computer security firm Symantec reported on its website that it had found a new kind of Trojan, called Infostealer.Monstres, that had gathered 1.6 million personal records stolen from Monster.com and had uploaded them to a remote server on a computer in Ukraine. The Trojan only attacked the ‘Monster for Employers’ site, the section used by recruiters and human resources personnel to search for potential candidates, which was probably accessed using the stolen credentials of a Monster.com employee.
The personal data of potentially several hundred thousand people, mainly US-based, stored in the database could be used to steal personal identities to perpetrate financial fraud. The use of personal details and the Monster.com name makes this phishing scam seem more genuine than those most online consumers have become accustomed to. The victims were also expecting to be contacted by strangers with job offers as a result of signing up to the recruitment site.
Calum Macleod, European director for Cyber-Ark, a data vaulting and security specialist, is not surprised that the breach was much worse than first thought. “It was bad enough that the personal details of tens of thousands of job seekers around the world were compromised when news of Monster.com’s security breach was revealed earlier this month, but with this latest revelation job seekers should now assume that their personal data has been compromised,” he says in a statement.
“The worst part about the data hacking is that it could so easily have been avoided, had the job seeker’s website encrypted the personal data of its millions of users,” he adds.
Only users who have a paid subscription or are part of a corporate subscription are able to print or copy content.
To access these options, along with all other subscription benefits, please contact info@risk.net or view our subscription options here: http://subscriptions.risk.net/subscribe
You are currently unable to print this content. Please contact info@risk.net to find out more.
You are currently unable to copy this content. Please contact info@risk.net to find out more.
Copyright Infopro Digital Limited. All rights reserved.
You may share this content using our article tools. Printing this content is for the sole use of the Authorised User (named subscriber), as outlined in our terms and conditions - https://www.infopro-insight.com/terms-conditions/insight-subscriptions/
If you would like to purchase additional rights please email info@risk.net
Copyright Infopro Digital Limited. All rights reserved.
You may share this content using our article tools. Copying this content is for the sole use of the Authorised User (named subscriber), as outlined in our terms and conditions - https://www.infopro-insight.com/terms-conditions/insight-subscriptions/
If you would like to purchase additional rights please email info@risk.net
More on Regulation
Industry calls for major rethink of Basel III rules
Isda AGM: Divergence on implementation suggests rules could be flawed, bankers say
Saudi Arabia poised to become clean netting jurisdiction
Isda AGM: Netting regulation awaiting final approvals from regulators
Japanese megabanks shun internal models as FRTB bites
Isda AGM: All in-scope banks opt for standardised approach to market risk; Nomura eyes IMA in 2025
CFTC chair backs easing of G-Sib surcharge in Basel endgame
Isda AGM: Fed’s proposed surcharge changes could hike client clearing cost by 80%
UK investment firms feeling the heat on prudential rules
Signs firms are falling behind FCA’s expectations on wind-down and liquidity risk management
The American way: a stress-test substitute for Basel’s IRRBB?
Bankers divided over new CCAR scenario designed to bridge supervisory gap exposed by SVB failure
Industry warns CFTC against rushing to regulate AI for trading
Vote on workplan pulled amid calls to avoid duplicating rules from other regulatory agencies
Bank of Communications moves early to meet TLAC requirements
China Construction Bank becomes last China G-Sib to release TLAC plans
Most read
- Top 10 operational risks for 2024
- Japanese megabanks shun internal models as FRTB bites
- Market for ‘orphan’ hedges leaves some borrowers stranded