Wednesday, October 28, 2009

Post your information on a job web site lately? Beware.

The internet brings a chance for people to see your talents and skills.

The challenge is, how do you provide information online to potential employers but still keep yourself safe?

In the UK, a major job posting website was hacked.  The company's response?  They told their customers they recommend they go out and buy their own identity theft protection.  Banks and Credit Card companies have to follow compliance laws on when to report a breach and they have to offer to protect your credit with free credit reporting.

I am not a fan of creating a law every time an incident happens but wonder if there should be a law that holds websites accountable for protecting information and taking care of their customers if there is a breach.

What say you?

Article Follows:
http://www.ere.net/2009/10/27/hacked-job-board-tells-victims-to-pay-for-protection-themselves/


Hacked Job Board Tells Victims to Pay for Protection Themselves
Posted By John Zappe On October 27, 2009 @ 3:59 pm
In News and Features

 [1]The British newspaper whose job board was hacked over the weekend is advising the half-million users whose information may have been accessed to buy identity insurance and notify credit reporting agencies.

An indignant Twitter post by one of those whose account with The Guardian jobs [2] site was compromised says she received an email from the newspaper advising her of the illegal access and suggesting she subscribe to an identity protection service.

“got the guardian hack email – they suggest I buy identity fraud protection services. Hang on, who let people steal my information?” reads the tweet [3]by Joelle Nebbe-Mornod [4], a technology consultant and former CTO now in the U.K.

The site itself gives no hint of the hack, until you scroll almost to the bottom of the home page where, under a heading of Workplace News, there is a short item headlined: Guardian jobs site – Security Breach. [5] It links to a page of more detailed information.
There, The Guardian reports that the site is now secure and adds, “It is clear that only a minority of Guardian Jobs users are at risk. Some of the data which appears to have been stolen is up to two years old. We have emailed the approximately half a million users whose data may have been compromised. This is out of the total of 10,328,290 unique users the site has per calendar year. The USA jobs site [6] has not been affected.”

In an FAQ [7], The Guardian recommends users whose accounts were compromised obtain fraud protection at their own expense.

“The Guardian, in common with our users is also a victim of this crime and we deeply regret that this breach has occurred. We believe our technology and security measures were more than compliant but regrettably the threat from criminal hackers is continually evolving. Whilst our investigation is continuing we suggest that each individual should decide whether to follow the guidance recommended by the police and meet any associated costs.”

The Guardian’s British site is powered by Madgex Job Board Software [8]. The U.S. job site is run by Indeed.com.

The Guardian says [7] that no personal accounts were accessed, but other, potentially sensitive, information was. “Job application data, material such as covering letters, and CVs. We have no reason to believe that any financial or bank data was compromised in this incident.”

Police are investigating the access. No technical details have been released, however some technical publications have offered possible methods [9].

This is the second major security breach of a British job board this year. Monster’s UK site was hacked in January [10] and some 4.5 million records were stolen.

Article printed from ERE.net: http://www.ere.net


URLs in this post:

[1] Image: http://www.ere.net/wp-content/uploads/2009/10/Guardian-Jobs-security-page.jpg
[2] The Guardian jobs: http://jobs.guardian.co.uk/
[3] tweet : http://twitter.com/iphigenie
[4] Joelle Nebbe-Mornod: http://www.ecademy.com/account.php?id=400325
[5] Guardian jobs site – Security Breach.: http://jobs.guardian.co.uk/securityupdate.html
[6] USA jobs site: http://www.guardianjobs.com
[7] In an FAQ: http://jobs.guardian.co.uk/securityupdate-faq.html
[8] Madgex Job Board Software: http://www.madgex.com/jobboardsoftware/
[9] some technical publications have offered possible methods: http://news.google.com/news/story?hl=en&q=guardian+jobs,+hack&sourceid=navclient-ff&rlz=1B3GGGL_en___US323&um=1&ie=UTF-8&ncl=dy6pCv6sJqoWImM&ei=U0rnSsuwO5jYtAPVi_ybAQ&sa=X&oi=news_result&ct=more-results&resnum=1&ved=0CAwQqgIwAA
[10] Monster’s UK site was hacked in January: http://www.ere.net/2009/01/27/monster-hacked-again-45-million-records-stolen/

No comments:

Post a Comment