Monster.com to notify 1.3 million theft victims
Monster.com said Thursday that 1.3 million users had personal information stolen by criminals who hacked into the job-placement website. The company said it would warn each of the victims by mail.
Monster parent Monster Worldwide Inc. said it identified the victims after analyzing the data found this week by computer security firm Symantec Corp., which had estimated that hundreds of thousands of people were at risk.
“We think it’s the right thing to do,” Monster Vice President Patrick Manzo said. “We’re concerned with making sure our customers understand we have their best interest at heart.” On Tuesday, Manzo had said the company would rely on its lawyers to decide how to notify its users.
Manzo also said the FBI and U.S. Secret Service were investigating the case, in which criminals posed as corporate customers to access Monster’s database of resumes posted by individuals. Monster has resumes of about 70 million people on hand.
Customer names, addresses, phone numbers and e-mail addresses were the only records that were stolen, Manzo said.
The crooks used that information to send a number of deceptive e-mails to the job seekers, pretending to be prospective employers or Monster itself.
Some e-mails contained scam job offers that could lead to swindled bank accounts, while clicking on links in other e-mails could install malicious programs that seal up the user’s files or record bank account numbers and other financial information.
Also Thursday, some Monster users said they had received such e-mails as far back as February.
Manzo said that the New York-based company had noticed e-mail attacks on customers eight or nine months ago but didn’t have concrete evidence of improper access to its files until the last week.
He said the company had succeeded in shutting down the Ukraine computer where the cache of stolen customer data was stored.
--
