The cyber-crooks behind the data breach affecting Monster.com also stole personal information from 146,000 people who use USAJobs, a job-hunting site for the federal government.
Monster Worldwide is the technology provider for the USAJobs.gov Web site, which is run by the U.S. Office of Personnel Management. USAJobs.gov has 2 million subscribers, and users can post resumes or federal job openings.
The stolen information, which includes names, e-mail addresses and telephone numbers, has been used by “phishing e-mailers” in an attempt to collect sensitive information from job seekers, federal officials said in an advisory.
To read more about Monster.coms data breach, click here.
“USAJobs will NEVER request personal information via unsolicited e-mail (i.e. not a response to an e-mail sent by you),” a posting on the USAJobs Web site said. “Monster has also assured us THEY will NEVER ask any site users to download any software, tool or access agreement.”
The USAJobs revelation is the latest twist in the ongoing fallout from the data breach affecting Monster.com. Symantec notified Monster on Aug. 17 that a hacker-controlled server contained personal data including e-mail and home addresses and resume identification numbers for more than 1 million Monster customers.
An investigation revealed that the data had been swiped using legitimate log-on credentials stolen from recruiters and human resources personnel with corporate Monster.com accounts.
In total, Monster said it believes data from 1.3 million customers was stolen. In response, the company shut down the rogue server and has announced plans to beef up security measures.
Check out eWEEK.coms Security Center for the latest security news, reviews and analysis. And for insights on security coverage around the Web, take a look at eWEEKs Security Watch blog.