06 Sep Monster.com Goes Mum On Web Server Leaking Resumes And CVs
Lessons learned from the latest cyberattacks, data breaches, and hacks
–Steve Morgan, Editor-in-Chief
Sausalito, Calif. – Sep. 6, 2019
You didn’t hear it from Monster.com. But a third party web server leaked thousands of resumes containing personal contact information that were stored between 2014 and 2017, according to a story in TechCrunch.
The takeaway?
“This is a lesson in how data can spread without people being aware of it,” says Erich Kron, security awareness advocate and technical evangelist for KnowBe4.
“In this case, when we put our job history, resume and/or CV on these types of sites, we should assume that organizations are going to collect them as they review and use them for job considerations,” adds Kron, an experienced keynote speaker and security awareness advocate.
Look for my creepily smiling mug at #DerbyCon and I might be able to hook you up with one of these little nuggets
— Madsqu1rrel is @ DerbyCon (@ErichKron) September 4, 2019
Kron shares some interesting perspective on compliance. “Where things get murky is what happens with the information after it is used, and ensuring it was used in a proper manner in the first place. Currently, in the U.S., people are often completely unaware when data is processed by a third party. This is something that GDPR is designed to address.”
Although Monster.com didn’t have much to say about the exploit, Kron points out the incident has been resolved. “While the potential leak should not have taken place at all, the third party did respond in a timely manner and fixed the problem. Unfortunately, many organizations have not considered how to deal with events like this and therefore lack the policies and procedures to deal with them quickly and efficiently.”
Job seekers beware.
You may want to think about creating an email address exclusively for career sites. Hackers often use stolen email addresses to send pesky phishing scam messages, which are responsible for more than 90 percent of all hacks and data breaches.
– Steve Morgan is founder and Editor-in-Chief at Cybersecurity Ventures.
Go here to read all of my blogs and articles covering cybersecurity. Go here to send me story tips, feedback and suggestions.
Sponsored by KnowBe4
KnowBe4 is the world’s largest security awareness training and simulated phishing platform that helps you manage the ongoing problem of social engineering. We are a leader in the Gartner Magic Quadrant and the fastest-growing vendor in this space. We are proud of the fact that more than 50 percent of our team are women.