Major Data Breach at Monster.com Exposes 1.3 Million Personal Records
Posted by
Staff Writer September 02, 2007 12:00 PMThis past week, Monster.com disclosed that thieves hacked into and stole confidential information about several hundred thousand job seekers posted in 1.3 million records.
According to a Fox news report,
The information, which included first and last names, e-mail and home addresses and phone numbers, was then used to send "phishing" e-mails to members, apparently from Monster.com, encouraging them to download a tool known as "Monster Job Seeker."The tool was in fact a malicious program known as a "Trojan," as in Trojan horse, which encrypted files on the victims' machines, making them inaccessible to the computer owner.
Rather than immediately notifying affected consumers about the data breach, it appears that Monster.com waited almost one week before disclosing the intrusion. Yesterday, Monster.com indicated that it would heighten its security and surveillance measures to minimize the risk of such a major data intrusion.
Internet security vendor Symantec corporation described the data intrusion and risks of further criminal activity. Interestingly, according to Symantec, thieves have attempted to extort victims by locking down and encrypting personal files located on their personal computers demanding money to return accessibility to various personal files.
This data breach should serve as a reminder that because data thieves are increasing the type and sophistication of computer attacks, corporations and individuals should take Internet security seriously. Also, when a person or business discovers a data breach, shouldn't disclosure to potential victims occur promptly? I have not seen any explanation about why Monster.com waited close to a week before publicly explaining what happened. During this time period, hundreds of thousands of consumers could have become unwary victims of identity theft or extortion. The delay may have been appropriate to learn more detail about what happened but I cannot find any company explanation. Do you think the company acted appropriately? Will this recent data intrusion affect your interest in doing business with Monster.com or any other electronic commerce vendor? Will it heighten awareness of data security needs? Do you think electronic commerce and computer security will improve in the days and months ahead? I'd like to hear your thoughts.
