The Guardian's statement clearly attempts to downplay the problem: "It is clear that only a minority of Guardian Jobs users are at risk. Some of the data which appears to have been stolen is up to two years old. We have emailed the approximately half a million users whose data may have been compromised. This is out of the total of 10,328,290 unique users the site has per calendar year."  However, any reasonable estimate would suggest that most people who post a resume would visit the site multiple times, suggesting that 500,000 is a major proportion of the resumes on the site.

Further, The Guardian has stressed that no financial information was lost in the attack, only the resumes.  That, of course, is entirely moot as the contents of most resumes would be plenty to create a new set of financial instruments.

A Guardian spokesperson said the site has about 10 million unique users per year, and that "the hack was stopped before it was completed."

The email sent to all affected people (here for instance) suggests that affected people contact a variety of credit reporting agencies, but makes no suggestion as to who might pay for any monitoring services:

1) Contact your creditors, even if they have not been affected, so that they can monitor your accounts to ensure they remain protected.

2) Contact a credit reference agency: Callcredit, Equifax or Experian provide suggested steps to resolve the situation and prevent it happening again.

3) Contact CIFAS protective registration: If you think you have been a victim of identity theft you should consider subscribing to CIFAS. This places a notice on your credit file indicating that your name and address may be used to perpetrate identity fraud.

This is obviously general advice, affected users might wish to take their own more professional counsel.

The sharks are clearly circling in the Internet waters, swim at your own risk.