Sal Iannuzzi, chief executive at the recruitment website, said that the company's investigations into the recent hack found a second attack that had gone undetected.
Iannuzzi admitted that Monster.com had no idea how much information had been taken in the second attack nor how often its database had been accessed.
"We are assuming that it is a large number," he told Reuters. "It could easily be in the millions."
Despite promising to invest $80m to $100m in traffic surveillance and security, Iannuzzi admitted that Monster.com may never be safe.
"I want to be clear and I want to be frank: there is no guaranteed fix," he said. "I wish I could say there will be absolutely no way that the Monster site can be compromised. I cannot ever make that promise, and no internet company can."
Monster.com said that the only data that was taken were names, addresses, phone numbers and email addresses.
However, follow-up attacks have already targeted Monster.com job seekers using social engineering techniques to try and gain financial details.
Emails have been sent out pretending to be from recruiters asking for bank account details to complete job applications.
False emails containing links to malicious software that could steal sensitive data have also been sent out.
Monster.com kept the original attack secret for five days before alerting users to the problem.
The company's database holds around 73 million CVs. Iannuzzi claimed that only a few hundred had cancelled their accounts, along with a "handful" of employers.
PUBG news and updates: November's Update #23 to bring new Skorpion pistol and changes to blue zone visibility
Genuinely useful side-arm coming to PUBG in Update #23
Asda, Morrisons and Tesco in the frame for checkout facial recognition technology
Research opens up new possibilities for structural batteries, where the carbon fibre forms part of the energy system
Another shape could have indicated hard-to-detect particles