Monster.com job applicants info exposed on unprotected server
.png)
Personal details from resumes and CVs from job seekers were exposed after a server belonging to a recruitment company that was a customer of Monster.com and others was left unprotected.
Monster.com which learned of the breach in August, did not initially alert potential victims to the exposure, contending that notification responsibly lay with the recruitment company that "owned" the data.
"Customers that purchase access to Monster’s data — candidate résumés and CVs — become the owners of the data and are responsible for maintaining its security," Monster Chief Privacy Officer (CPO) Michael Jones said in a statement cited by TechCrunch. "Because customers are the owners of this data, they are solely responsible for notifications to affected parties in the event of a breach of a customer’s database."
Jones said it contacted the recruitment company it first became aware of the exposed server, which was secured soon thereafter.
"In today’s era of growing privacy regulations, how companies react in the wake of a data breach is critical, said Peter Goldstein, CTO and co-founder of Valimail.
Indeed, "Monster might have paid careful attention to their internal security practices, but still, the data that they are responsible for has been exposed," said Pankaj Parekh, chief product and strategy officer at SecurityFirst. "This is obviously not an acceptable excuse to those whose private information was exposed."
While "Monster shrugs its sloping shoulders," European regulators might not be so blaise about the leak, Lucy Security CEO Colin Bastable said. "Of course, Monster’s Ts and Cs – terms and conditions – may leave them without liability. Let’s see how the EU treats this."
The information exposed included work history, phone numbers, email addresses and home addresses on resumes submitted between 2014 and 2017.
"The exposed resumes give cybercriminals more than enough data to commit phishing attacks and effective impersonation attempts, which can lead to account takeover, identity theft and other scams," said Goldstein. "And the fact that criminals know these individuals are on the job hunt means their social engineering attacks can be highly tailored and therefore all the more convincing to their victims."
He contended that "Monster may not have been required to notify regulators in this specific situation," but an organisation’s "best practices (and in some cases GDPR regulations) dictate that companies notify the customers impacted by a breach."
Users continue to get the short end of the stick and Bastable suggests maybe it’s time for the data-sharing model to change. "Why would anyone trust any business with their data when it is being pimped out like this?" said Bastable. "At least give people a slice of the action when you sell their data."
source scmagazineuk
Industry: Cyber Security
Latest Jobs
-
- Senior Presales Consultant | Managed Security Services | London
- London
- N/A
-
Senior Presales Consultant – Managed Security Services Location: London-commutable (Hybrid) A well-established cyber consultancy is seeking a Senior Presales Consultant to drive growth across its managed security services / advisory portfolio. This hybrid role bridges commercial and technical expertise supporting solution design, shaping customer proposals, and guiding conversations from scoping through to delivery. Key experience: Background in managed security services, including SOC operations and threat detection Strong knowledge of cloud and on-prem security tooling (SIEM, EDR, IAM) Penetration testing Proven ability to translate technical concepts into clear business value Confident in customer-facing engagements and pre-sales delivery Experience contributing to bids, proposals, and RFI/RFP responses To find out more contact me on 07884666351 Visa sponsorship is unfortunately not available for this role.
-
- New Business | Cyber Security | Overlay sales (UK Based- London commutable)
- London
- N/A
-
New Business Sales Hunter needed | Cybersecurity (UK Based- London commutable) Are you looking for uncapped commission, a fun and sociable team that drives success with no politics? If so...You must Have a demonstrable history of sales success in Cyber Security Follow Weatons law. The role: Seeking a proven New Business Sales Hunter to join an established, successful and expanding team. New business focused - £500-750 GP Sell a blend of security services & professional services. Ideal experience selling some or all of the following Cyber strategy & risk management Managed detection & response (MDR) Penetration testing Compliance & audit support You: Strong cybersecurity/IT services sales track record. Confident selling into mid-market & enterprise. UK based - London commutable Hunter mindset, full sales cycle ownership. Don't just send an email to apply give me a call on 07884666351
-
- New Business Sales Hunter | Cyber Security (UK Based)
- London
- To attract the right person
-
New Business Sales Hunter needed | Cybersecurity (UK Based) Are you looking for uncapped commission, a fun and sociable team that drives success with no politics? If so...You must Be UK based - and able to achieve UK SC clearance. (sorry no visas) Have a demonstrable history of sales success in Cyber Security Follow Weatons law. The role: Seeking a proven New Business Sales Hunter to join an established, successful and expanding cyber security firm. New business focused - £1m GP year one target (ramped). Sell a blend of security services & professional services. Ideal experience selling some or all of the following Cyber strategy & risk management Managed detection & response (MDR) Penetration testing Compliance & audit support You: Strong cybersecurity/IT services sales track record. Confident selling into mid-market & enterprise. UK based - London commutable 1x per week. Hunter mindset, full sales cycle ownership. Don't just send an email to apply give me a call on 07884666351