Computer Crime Research Center

hack/images12.jpg

Hackers steal details of 4.5 million in attack on Monster jobs site

Date: January 27, 2009
Source: technology.timesonline.co.uk


The personal details of millions of job seekers have been stolen in the largest data theft in Britain, The Times has learnt.

Hackers gained access to confidential details provided by 4.5 million people to Monster.co.uk, the online recruitment site.

Names, passwords, telephone numbers, e-mail addresses, birth dates, sex and ethnicity data as well as other “demographic information”, were all stolen, the company admitted yesterday.

It is the most extensive breach of confidential data since HM Revenue and Customs lost the details of 25 million child benefit recipients in 2007.

The victims are mainly professional staff who are seeking work in the economic downturn. Registrations at the site, which allows employers to browse thousands of CVs online, have soared as redundancies have risen.

Monster.com refused to comment on how much information had been taken but The Times understands that the personal details of millions of people can be downloaded in under an hour once a hacker has gained access.

Security analysts told The Times that the plundered data from the recruitment site would be used by organised gangs to open fake bank accounts or take out loans in the names of unsuspecting customers.

Monster.co.uk has posted a message on the site advising all customers to change their passwords immediately.

“It’s a horrendous breach,” said Graham Cluley, of Sophos, an IT security firm. “The information they have can be used to cause all kinds of mischief.”

About four out of ten people use the same password to access multiple websites, Mr Cluley said, meaning that criminals could use the Monster.co.uk data to obtain far more sensitive information. “These hackers could now use the passwords to access e-mail and online bank accounts.”

Police on both sides of the Atlantic are expected to investigate the breach. The Serious Organised Crime Agency said it was aware of the situation but refused to confirm if it was investigating the website.

Companies that advertise with Monster.co.uk, the British arm of the American-based global website, expressed outrage yesterday.

A spokesman for Britannia Building Society, which advertises vacancies on the site, said: “We will be seeking assurances from them about the credibility and reliability of the site, as we take the security of personal information of potential applicants very seriously.”

The Information Commissioner’s Office (ICO), the privacy watchdog, said last night that it would look into the breach.

“The ICO does not hesitate to investigate the most serious cases where sensitive details or large collections of personal information fall into the wrong hands,” a spokesman said.
Add comment  Email to a Friend

Copyright © 2001-2024 Computer Crime Research Center
CCRC logo