Hitmetrix - User behavior analytics & recording

Monster suffers data breach

Job-seeker Web site Monster Worldwide has detected a data breach that could potentially affect millions of its users.  

The site, which has more than 75 million users worldwide, declined to give specific numbers, but said that users in North America and possibly Western Europe had been put at risk. Hackers accessed information that included names, phone numbers, e-mail addresses, Monster user IDs, passwords, date of birth, gender and ethnicity. For some Monster users in the US, state of residence information was also put at risk. The company does not collect financial data or Social Security Numbers.

“Immediately upon learning of the breach, we chose to notify all customers and job-seekers and began investigation,” said Nikki Richardson, VP of corporate communications for Monster. “This kind of reaching out to stakeholders will help them better defend themselves against attacks.”

Site users were alerted of the breach late last week, in a message from Monster Worldwide SVP and global chief privacy officer Patrick Manzo. The message was posted only on the site, not e-mailed. Richardson explained that the company did not send e-mails for fear that they could be used as a template for phishing messages.

E-mails were a major part of Monster’s customer care strategy in its last major data breach in August 2007. The company predicted then that data from 1.3 million users had been endangered but sent warning e-mails to all clients as a precautionary measure. At the time, Monster also added executive level staff to its Web Site Security Task Force.

Monster is now asking its users to review its security page and to be extra vigilant about phishing e-mails and other types of fraud. It also will be requiring users to change their passwords this week. The company, which, per its Web site, is working with “the appropriate law enforcement officials,” has been on the lookout for any misuse of the compromised data, but so far has not discovered any. In the last breach, there were reports of phishing e-mails sent to users.

Related Posts