Hacked Job Board Tells Victims to Pay for Protection Themselves

Guardian Jobs security pageThe British newspaper whose job board was hacked over the weekend is advising the half-million users whose information may have been accessed to buy identity insurance and notify credit reporting agencies.

An indignant Twitter post by one of those whose account with The Guardian jobs site was compromised says she received an email from the newspaper advising her of the illegal access and suggesting she subscribe to an identity protection service.

got the guardian hack email – they suggest I buy identity fraud protection services. Hang on, who let people steal my information?” reads the tweet by Joelle Nebbe-Mornod, a technology consultant and former CTO now in the U.K.

The site itself gives no hint of the hack, until you scroll almost to the bottom of the home page where, under a heading of Workplace News, there is a short item headlined: Guardian jobs site – Security Breach. It links to a page of more detailed information.

There, The Guardian reports that the site is now secure and adds, “It is clear that only a minority of Guardian Jobs users are at risk. Some of the data which appears to have been stolen is up to two years old. We have emailed the approximately half a million users whose data may have been compromised. This is out of the total of 10,328,290 unique users the site has per calendar year. The USA jobs site has not been affected.”

In an FAQ, The Guardian recommends users whose accounts were compromised obtain fraud protection at their own expense.

“The Guardian, in common with our users is also a victim of this crime and we deeply regret that this breach has occurred. We believe our technology and security measures were more than compliant but regrettably the threat from criminal hackers is continually evolving. Whilst our investigation is continuing we suggest that each individual should decide whether to follow the guidance recommended by the police and meet any associated costs.”

Article Continues Below

The Guardian’s British site is powered by Madgex Job Board Software. The U.S. job site is run by Indeed.com.

The Guardian says that no personal accounts were accessed, but other, potentially sensitive, information was. “Job application data, material such as covering letters, and CVs. We have no reason to believe that any financial or bank data was compromised in this incident.”

Police are investigating the access. No technical details have been released, however some technical publications have offered possible methods.

This is the second major security breach of a British job board this year. Monster’s UK site was hacked in January and some 4.5 million records were stolen.

John Zappe is the editor of TLNT.com and a contributing editor of ERE.net. John was a newspaper reporter and editor until his geek gene lead him to launch his first website in 1994. He developed and managed online newspaper employment sites and sold advertising services to recruiters and employers. Before joining ERE Media in 2006, John was a senior consultant and analyst with Advanced Interactive Media and previously was Vice President of Digital Media for the Los Angeles Newspaper Group.

Besides writing for ERE, John consults with staffing firms and employment agencies, providing content and managing their social media programs. He also works with organizations and businesses to assist with audience development and marketing. In his spare time  he can be found hiking in the California mountains or competing in canine agility and obedience competitions.

You can contact him here.

Topics

1 Comment on “Hacked Job Board Tells Victims to Pay for Protection Themselves

  1. This is one of the primary reasons why 1.5 years we became the first major job board to kill its resume searching tool. See http://www.collegerecruiter.com/press-room/general/collegerecruitercom-first-majo/. The risk of hacking and identity theft is too great and increasing. Job boards cannot properly secure their resume banks while at the same time making them easy to log into for their employer clients. When I.T.’s security interests are pitted against marketing’s sales interests, guess who tends to win?

    The International Association of Employment Web Sites (IAEWS) meets next week in Chicago. Hopefully this issue will (again) be raised and hopefully more job boards will choose to follow our lead. We followed the lead of RecruitingNevada.com. A representative from that site talked about how and why they never allowed resume searching. I was convinced their approach was correct so we killed resume searching shortly afterward.

Leave a Comment

Your email address will not be published. Required fields are marked *