Monster.com
has admitted that the number of job seekers on its website who had their
personal data stolen is greater than the 1.3 million
originally
reported.
Sal Iannuzzi, chief executive at the recruitment website, said that the
company's investigations into the recent hack found a second attack that had
gone undetected.
Iannuzzi admitted that Monster.com had no idea how much information had been
taken in the second attack nor how often its database had been accessed.
"We are assuming that it is a large number," he told
Reuters.
"It could easily be in the millions."
Despite promising to invest $80m to $100m in traffic surveillance and
security, Iannuzzi admitted that Monster.com may never be safe.
"I want to be clear and I want to be frank: there is no guaranteed fix," he
said. "I wish I could say there will be absolutely no way that the Monster site
can be compromised. I cannot ever make that promise, and no internet company
can."
Monster.com said that the only data that was taken were names, addresses,
phone numbers and email addresses.
However, follow-up attacks have already targeted Monster.com job seekers
using social engineering techniques to try and gain financial details.
Emails have been sent out pretending to be from recruiters asking for bank
account details to complete job applications.
False emails containing links to malicious software that could steal
sensitive data have also been sent out.
Monster.com kept the
original
attack secret for five days before alerting users to the problem.
The company's database holds around 73 million CVs. Iannuzzi claimed that
only a few hundred had cancelled their accounts, along with a "handful" of
employers.
Do you agree?
Have your say on this article