Personal info on 150,000 job seekers at USAJobs stolen
Nearly 150,000 identities belonging to users of USAJobs stolen in Monster attack
Computerworld - The identity thieves who ransacked Monster.com's database also made off with the personal information of 146,000 people who use USAJobs, the federal government's official job search site, federal officials said today.
Monster Worldwide Inc. operates the USAJobs.gov Web site for the Office of Personnel Management (OPM), the independent agency that manages the federal civil service. Like Monster's commercial sites, USAJobs lets job seekers post resumes and federal agencies post job openings.
Of the 2 million subscribers to the federal job site, about 146,000 were affected by the heist engineered by Infostealer.Monstres, a Trojan horse that used legitimate log-on credentials stolen from recruiters to sift through the Monster database. According to Monster executives, the Trojan absconded with the names, addresses, e-mail addresses and phone numbers of some 1.3 million people. Although stored in the Monster databases, some of those people were USAJobs users. No Social Security numbers were stolen, the OPM stressed in an alert posted to USAJobs.
"OPM is working with Monster Worldwide to implement a long-term remedy to protect data," said the agency, which is sending letters to all subscribers warning them of phishing attacks that may use the purloined information. "Be on the alert for fraudulent e-mail that advertises positions managing financial transactions, or cashing checks," the agency's alert said. "These e-mails are attempting to engage job seekers in a money laundering or bad check scam."
The Infostealer.Monstres Trojan has the ability to spew spam to the e-mail addresses it harvested by cranking out targeted phishing messages that spread other malicious software or recruited "money mules" -- middlemen who transfer money from a phished bank account to a foreign bank account.
Although the OPM was unavailable for comment Thursday night, earlier in the day, an agency spokesman told the Reuters news service that the government got its first hint of the theft on July 20, when a job seeker reported receiving a phishing message. Although Symantec Corp. researchers notified Monster on Aug. 17 of an apparent data breach, other security researchers had reported individually targeted phishing messages bearing the Monster brand as far back as July 5. Yesterday, Monster's CEO admitted that the mid-month theft was not the first time the company's data had been attacked.
Monster Worldwide operates numerous other online job search services and job-hunting sections of sites owned by others. Among the latter, it services the career center for armed service members' spouses on Military.com; runs co-branded search services with several newspapers, including the Philadelphia Inquirer; and powers the job search features of federal, state and local governments, including the Los Angeles Police Department. It's not known whether any additional sites operated by Monster Worldwide were affected by the Infostealer.Monstres data looting.
Monster was not available for comment Thursday night.
Read more about Cybercrime and Hacking in Computerworld's Cybercrime and Hacking Topic Center.
- 15 Non-Certified IT Skills Growing in Demand
- How 19 Tech Titans Target Healthcare
- Twitter Suffering From Growing Pains (and Facebook Comparisons)
- Agile Comes to Data Integration
- Slideshow: 7 security mistakes people make with their mobile device
- iOS vs. Android: Which is more secure?
- 11 sure signs you've been hacked
- Who's Spying on You? You're aware of the threats of malware to your business but what about the ever-changing ground rules? Cybercriminals today are launching attacks against...
- Pay-as-you-Grow Data Protection: IBM Tivoli's Full-featured Data Protection Suite for Small to Medium Businesses IBM Tivoli Storage Manager Suite for Unified Recovery gives small and medium businesses the opportunity to start out with only the individual solutions...
- Streamline Data Protection with IBM Tivoli Storage Manager Operations Center IBM Tivoli Storage Manager (TSM) has been an industry-standard data protection solution for two decades. But, where most competitors focus exclusively on Backup...
- Simplify and Consolidate Data Protection for Better Business Results Learn about IBM® Tivoli® Storage Manager Operations Center, which provides advanced visualization, built-in analytics and integrated workflow automation features that leapfrog traditional backup...
- Meg Whitman presents Unlocking IT with Big Data During this Web Event you will hear Meg Whitman, President and CEO, HP discuss HAVEn - the #1 Big Data platform, as well...
- The New Way to Work Knowledge Vault This Knowledge Vault focuses on how, in today's increasingly virtual world, it's more important than ever to engage deeply with employees, suppliers, partners,... All Cybercrime and Hacking White Papers | Webcasts