Monster security breach at official US Government job site

Davey Winder
Sunday, 25 January 2009 19:17

Your IT - Home IT

You might expect the US Government to be on the ball when it comes to security. Expectations are often not met, as has been the case with the official Federal Government employment site it seems.

Obama is the Google Government man and seemingly on top of all things tech. I wonder what he will make of the lack of data security at one Federal Government website?

The United States Office of Personnel Management has been acting more like the UK Government in terms of data security, or rather the lack of it, or so it would appear.

USAJOBS is the official one-stop-shop for Federal Government jobs and employment information in the United States. It has also been officially breached.

In a statement released over the weekend, Mary Volz-Peacock, Program Director at USAJOBS admits that it had been the subject of a security breach. Or rather the company providing the job seeker technology, Monster, had been.

"We recently learned that the Monster database was illegally accessed and certain contact and account data were taken" she explains. The stolen data includes "user IDs and passwords, email addresses, names, phone numbers, and some basic demographic data."

Volz-Peacock was keen to stress that no resume or social security data was stolen, and no personal financial information either.

However, she did point out that the data could be used as the basis for phishing activity and reminds users that USAJOBS never sends unsolicited email asking for login confirmation nor offering software downloads and security tools.

You might have thought that Monster would have learned a thing or two since falling victim to a similar data loss 18 months ago. Back then a data harvesting bot managed to login to Monster.com and grab user information.

In August 2007 Monster.com the company said that the breach had impacted at least 1.3 million users. There are no figures available for the current situation, which is understood to apply to Monster.com as well as USAJOBS.

Patrick Manzo, the Global Chief Privacy Officer at Monster Worldwide, says "Immediately upon learning about this, Monster initiated an investigation and took corrective steps. It is important to know the company continually monitors for any illicit use of information in our database, and so far, we have not detected the misuse of this information."

Oh well, that's OK then...