The job website failed to warn its users about the problem until 22 August, despite being informed of the attack on 17 August by Symantec.
Symantec posted a report on its website on 21 August, and Monster.com followed suit with a warning on its own site a day later.
But by the time the attack had been shut down, the confidential information from 1.3 million job seekers had already been uploaded to servers in the Ukraine.
Patrick Manzo, vice president of compliance and fraud prevention at Monster.com, claimed that the stolen data did not go beyond names, addresses, phone numbers and email addresses.
Patrick Martin, senior product manager at Symantec, said that the aim of the attack seemed to have been to gain access to user data to send more convincing spam in the hope of stealing financial information.
"They were trying to get financial data from people to give any future spam emails they send a little bit more credibility," he said.
Monster has posted hard-copy letters to the 1.3 million affected users so that they could be warned about the disclosure without needing to open an email.
The company's database holds around 73 million CVs.
Cotton seedling freezes to death as Chang'e-4 shuts down for the Moon's 14-day lunar night
Fortnite easily out-earns PUBG, Assassin's Creed Odyssey and Red Dead Redemption 2 in 2018
Meteor showers as a service will be visible for about 100 kilometres in all directions
Saturn's rings only formed in the past 100 million years, suggests analysis of Cassini space probe data
New findings contradict conventional belief that Saturn's rings were formed along with the planet about 4.5 billion years ago