Skip the navigation

Personal info on 150,000 job seekers at USAJobs stolen

Nearly 150,000 identities belonging to users of USAJobs stolen in Monster attack

August 31, 2007 12:00 PM ET

Computerworld - The identity thieves who ransacked's database also made off with the personal information of 146,000 people who use USAJobs, the federal government's official job search site, federal officials said today.

Monster Worldwide Inc. operates the Web site for the Office of Personnel Management (OPM), the independent agency that manages the federal civil service. Like Monster's commercial sites, USAJobs lets job seekers post resumes and federal agencies post job openings.

Of the 2 million subscribers to the federal job site, about 146,000 were affected by the heist engineered by Infostealer.Monstres, a Trojan horse that used legitimate log-on credentials stolen from recruiters to sift through the Monster database. According to Monster executives, the Trojan absconded with the names, addresses, e-mail addresses and phone numbers of some 1.3 million people. Although stored in the Monster databases, some of those people were USAJobs users. No Social Security numbers were stolen, the OPM stressed in an alert posted to USAJobs.

"OPM is working with Monster Worldwide to implement a long-term remedy to protect data," said the agency, which is sending letters to all subscribers warning them of phishing attacks that may use the purloined information. "Be on the alert for fraudulent e-mail that advertises positions managing financial transactions, or cashing checks," the agency's alert said. "These e-mails are attempting to engage job seekers in a money laundering or bad check scam."

The Infostealer.Monstres Trojan has the ability to spew spam to the e-mail addresses it harvested by cranking out targeted phishing messages that spread other malicious software or recruited "money mules" -- middlemen who transfer money from a phished bank account to a foreign bank account.

Although the OPM was unavailable for comment Thursday night, earlier in the day, an agency spokesman told the Reuters news service that the government got its first hint of the theft on July 20, when a job seeker reported receiving a phishing message. Although Symantec Corp. researchers notified Monster on Aug. 17 of an apparent data breach, other security researchers had reported individually targeted phishing messages bearing the Monster brand as far back as July 5. Yesterday, Monster's CEO admitted that the mid-month theft was not the first time the company's data had been attacked.

Monster Worldwide operates numerous other online job search services and job-hunting sections of sites owned by others. Among the latter, it services the career center for armed service members' spouses on; runs co-branded search services with several newspapers, including the Philadelphia Inquirer; and powers the job search features of federal, state and local governments, including the Los Angeles Police Department. It's not known whether any additional sites operated by Monster Worldwide were affected by the Infostealer.Monstres data looting.

Monster was not available for comment Thursday night.

Read more about Cybercrime and Hacking in Computerworld's Cybercrime and Hacking Topic Center.

Our Commenting Policies