Sal Iannuzzi, chief executive at the recruitment website, said that the company's investigations into the recent hack found a second attack that had gone undetected.
Iannuzzi admitted that Monster.com had no idea how much information had been taken in the second attack nor how often its database had been accessed.
"We are assuming that it is a large number," he told Reuters. "It could easily be in the millions."
Despite promising to invest $80m to $100m in traffic surveillance and security, Iannuzzi admitted that Monster.com may never be safe.
"I want to be clear and I want to be frank: there is no guaranteed fix," he said. "I wish I could say there will be absolutely no way that the Monster site can be compromised. I cannot ever make that promise, and no internet company can."
Monster.com said that the only data that was taken were names, addresses, phone numbers and email addresses.
However, follow-up attacks have already targeted Monster.com job seekers using social engineering techniques to try and gain financial details.
Emails have been sent out pretending to be from recruiters asking for bank account details to complete job applications.
False emails containing links to malicious software that could steal sensitive data have also been sent out.
Monster.com kept the original attack secret for five days before alerting users to the problem.
The company's database holds around 73 million CVs. Iannuzzi claimed that only a few hundred had cancelled their accounts, along with a "handful" of employers.
Staff told to beware of "unusual sounds" after an employee reported mystery symptoms
Sophisticated malware comprises code previously used to attack Ukraine
Including a 15-inch Intel Core-powered device weighing less than a bag of sugar
Tuomo Suntola's ALD technology extended Moore's Law, but was only adopted by chip-makers in 2007