Personal details for four and a half million job seekers, including user names, passwords, and phone numbers, have been stolen from UK website, Monster.co.uk.
While no credit card details or confidential information was stolen – Monster wisely keeps that information separate – the information could be used to take out loans in those people’s names. The pilfered information could also provide clues such as mother’s maiden name, a common security question.
Monster.co.uk has posted a message on the site advising all customers to change their passwords immediately. “We regret any inconvenience this may cause you, but feel it is important that you take these preventative measures,” the message said.
While this is a sensible move by Monster, it could also lead to a string of phishing attacks, such as the one recently on Steam, where hackers impersonate trusted institutions in order to get more information out of the victims.
The Information Commissioner’s Office, the privacy watchdog, said that it would investigate the breach. “The ICO does not hesitate to investigate the most serious cases where sensitive details or large collections of personal information fall into the wrong hands,” a spokesman said.
This is the third time in two years that security at the world’s largest recruitment site has been breached. It’s also the largest breach of confidential data since the details of 25 million child benefit recipients were lost from HM Revenue and Customs two years ago.
The suspects are thought to be a Russian gang that has been selling “identity harvesting services” to fraudsters.