Monster.com job applicants info exposed on unprotected server
.png)
Personal details from resumes and CVs from job seekers were exposed after a server belonging to a recruitment company that was a customer of Monster.com and others was left unprotected.
Monster.com which learned of the breach in August, did not initially alert potential victims to the exposure, contending that notification responsibly lay with the recruitment company that "owned" the data.
"Customers that purchase access to Monster’s data — candidate résumés and CVs — become the owners of the data and are responsible for maintaining its security," Monster Chief Privacy Officer (CPO) Michael Jones said in a statement cited by TechCrunch. "Because customers are the owners of this data, they are solely responsible for notifications to affected parties in the event of a breach of a customer’s database."
Jones said it contacted the recruitment company it first became aware of the exposed server, which was secured soon thereafter.
"In today’s era of growing privacy regulations, how companies react in the wake of a data breach is critical, said Peter Goldstein, CTO and co-founder of Valimail.
Indeed, "Monster might have paid careful attention to their internal security practices, but still, the data that they are responsible for has been exposed," said Pankaj Parekh, chief product and strategy officer at SecurityFirst. "This is obviously not an acceptable excuse to those whose private information was exposed."
While "Monster shrugs its sloping shoulders," European regulators might not be so blaise about the leak, Lucy Security CEO Colin Bastable said. "Of course, Monster’s Ts and Cs – terms and conditions – may leave them without liability. Let’s see how the EU treats this."
The information exposed included work history, phone numbers, email addresses and home addresses on resumes submitted between 2014 and 2017.
"The exposed resumes give cybercriminals more than enough data to commit phishing attacks and effective impersonation attempts, which can lead to account takeover, identity theft and other scams," said Goldstein. "And the fact that criminals know these individuals are on the job hunt means their social engineering attacks can be highly tailored and therefore all the more convincing to their victims."
He contended that "Monster may not have been required to notify regulators in this specific situation," but an organisation’s "best practices (and in some cases GDPR regulations) dictate that companies notify the customers impacted by a breach."
Users continue to get the short end of the stick and Bastable suggests maybe it’s time for the data-sharing model to change. "Why would anyone trust any business with their data when it is being pimped out like this?" said Bastable. "At least give people a slice of the action when you sell their data."
source scmagazineuk
Industry: Cyber Security
Latest Jobs
-
- New Business Sales lead | UK - Cyber Security | New Logo sales
- United Kingdom
- Uncapped OTE
-
New Business Sales lead | UK - Cyber Security | New Logo sales UK Remote An established EMEA technology organisation is hiring a senior New Business Sales lead to take ownership of UK growth. An opportunity built for someone ready to take advantage of competitors who have taken their eye off the ball and turn that into sustained market share. This role is for someone proven. A self-starter who does not need micromanagement, knows how to win market share, and wants the backing of a larger business while building success their own way. You will lead and shape new logo acquisition, define and execute go-to-market strategy with regional leadership, and drive growth across cybersecurity, digital transformation, Microsoft modernisation etc. This is a new business sales role, with budget and full sales lifecycle responsibility. The goal being to build a wider a sales function beneath you as revenue scales. Experience across Financial services, manufacturing, industrial etc helpful. UK-based, remote-first, client-facing when needed. Competitive base salary with uncapped earnings.
-
- Business Development | Healthcare | Warm accounts | UK
- England
- N/A
-
Business Development | Healthcare | Warm accounts | UK Healthcare Cyber Security UK Based An experienced Business Development Manager is required to drive new cyber security revenue across a warm healthcare account base. This role is focused on new business and account growth, engaging healthcare organisations to understand risk, priorities, and operational challenges, and positioning appropriate cyber security solutions and services. Key Responsibilities Drive new business sales into a warm healthcare account base Develop and close new opportunities across healthcare organisations Build senior level relationships with IT, security, and procurement stakeholders Own the full sales lifecycle from first conversation through to close Work closely with technical pre sales and delivery teams Experience Required Proven B2B new business sales experience within cyber security or technology Healthcare sector experience desirable Strong consultative sales and closing capability Ability to achieve UK Security Clearance is required UK based with flexibility to travel What’s on Offer Warm accounts with new business focus Clear revenue ownership Competitive base salary with uncapped commission
-
- Technical Pre Sales Cybersecurity Consultant. Healthcare
- England
- N/A
-
Technical Pre Sales Cybersecurity Consultant UK Remote | Healthcare Focus Overview We are seeking an experienced Technical Pre Sales Cybersecurity Consultant to support healthcare organisations by delivering advisory, solution design, and security uplift services. This role focuses on improving security outcomes, addressing operational challenges, and enabling informed technology decisions across complex and regulated environments. The position blends technical pre sales expertise with a consultative approach, working closely with clinical, technical, and commercial stakeholders to shape effective cybersecurity solutions. The individual must be able to achieve UK Security Clearance. Key Responsibilities Provide technical pre sales support across cybersecurity solutions and services for healthcare organisations Engage stakeholders to understand security challenges, risks, and operational pain points Deliver advisory guidance and recommendations to strengthen security posture and resilience Translate customer requirements into clear, outcome focused technical and commercial solution designs Act as a trusted technical advisor throughout the sales and early delivery lifecycle Produce clear technical documentation, recommendations, and customer facing materials suitable for regulated environments Collaborate closely with sales, delivery, and technical teams to align solutions with customer needs Experience and Skills Proven experience in technical pre sales or cybersecurity consultancy Experience working within healthcare or other highly regulated sectors Broad knowledge of cybersecurity technologies, managed services, and risk based approaches Strong communication skills with the ability to engage both technical and non technical stakeholders Confident operating in a client facing, consultative role UK based role with remote working Occasional travel for customer engagement as required
-
- Contract Technical Pre Sales Cyber Security Healthcare. SC clearance needed
- England
- Outside IR35
-
Contract Technical Pre Sales Cyber Security Healthcare Outside IR35 Contract | UK Remote | Healthcare Focus Existing SC clearance is required. Overview Seeking an experienced Technical Pre Sales Cybersecurity Consultant is required to deliver advisory and uplift services across complex healthcare organisations. This Outside IR35 contract operates on a consultancy basis, focused on improving security outcomes, addressing operational pain points, and supporting informed Cyber Security decisions. The role combines deep technical pre sales capability with consultative advisory delivery, working across clinical, technical, and commercial stakeholders to shape effective and proportionate cybersecurity solutions. Responsibilities Provide technical pre sales consultancy across cybersecurity solutions and services within healthcare environments Engage senior stakeholders to understand security challenges, risks, and operational pain points Deliver advisory guidance and uplift recommendations to improve security posture, resilience, and maturity Translate healthcare requirements into clear, outcome focused technical and commercial propositions Act as a trusted technical advisor throughout the pre sales and early engagement lifecycle Produce concise technical documentation, recommendations, and advisory outputs suitable for regulated healthcare settings Experience Strong background in technical pre sales or cybersecurity consultancy Experience working with healthcare or other highly regulated environments Broad understanding of cybersecurity technologies, managed services, and risk based security approaches Ability to communicate complex technical concepts to both technical and non technical audiences Comfortable operating independently in a client facing advisory role