Monster.com suffered a data breach which impacted thousands of customers. Individuals who signed up on their job search platform from 2014 to 2017 remain compromised.
According to Tech Crunch, an exposed web served contained resumes of applicants from the year 2014 to 2017. The unprotected database remained online, thereby compromising sensitive information from applicants who signed on to use its service.
Vulnerable information includes private customer information such as the user’s first and last names, phone numbers, and email addresses. In addition, previous work experiences were also found on the unprotected database. Most users whose information was found on the server reside in the United States.
Despite failing to reveal a number to the public, Tech Crunch reports that a single folder contained thousands of resumes. Besides sensitive information, some files also contained immigrant documents and data.
This is the second time the job search platform kept a data breach from the public. In 2007 the company also experienced a leak in its platform, reports Fox 29. However, the firm waited a week prior to informing the public and affected customers, which totaled 1.3 million people.
The latest exposure plaguing the company urged spokespersons to disclose the breach. However, the firm only admitted to the breach after cybersecurity researchers approached Tech Crunch.
In a statement, chief privacy officer of Monster Michael Jones disclosed the database was the product of a third-party provider. Monster no longer retained the services of the service provider. However, the job search platform refused to provide the name of the recruitment agency who owns the server.
Jones also said their business “was made aware of possible exposure and notified he recruitment company of the issue.” The platform became aware of the incident last August 2019.
Lack of Concern
While the server has been secured, customer information can still be accessed through cached results notes Tech Crunch.
Monster maintains distance from the issue, citing the third-party provider’s involvement in the matter. As a result, the job employment platform failed to disclose the matter to its customers in a timely matter. Moreover, the firm did not provide initial warnings to its account users.
In a statement, Monster said that “customer that purchase access to Monster’s data become the owners of the data.” As clients, “[they] are responsible for maintaining its security.” The statement also reads that customers are in charge of their own welfare in case of a data breach.