Hundreds of thousands of job seekers may have had their personal details stolen after a website in Britain was hacked recently, reports on Monday said. The Guardian Jobs website had been "targeted by a sophisticated and deliberate hack" according to the Guardian News and Media Group. Nearly half-a-million could be affected by the security breach, though the publishing company said it had no clear idea of the numbers affected. Over the weekend nearly 500,000 emails were sent out to users as a precautionary measure.
The Guardian Jobs website is outsourced to third-party jobs board provider Madgex, and enables users to target their CV to potential employers. The breach could make it possible for criminals to create "very attractive and believable email that will have a high likelihood to trick the recipient into clicking on a link or running the attachment," according to Patrik Runald, senior manager of Websense security labs.
Such phishing attacks are particularly dangerous and open people up to identity theft as well as financial fraud. The email warned customers of the security breached and advised them on certain actions they might take. In particular they were told to contact their creditors, even if they had not been affected, so that they might monitor accounts and ensure they remain protected. They were also urged to contact a credit reference agency such as Callcredit, Equifax or Experian who may provide information as to how to resolve the situation and prevent it happening again. In addition Guardian Jobs users also suggested those who believed they had become a victim of identity theft should consider subscribing to CIFAS, the UK's Fraud Prevention Service. Although financial information is not believed to have been lost, even a standard CV and covering letter can provide enough detail to initiate identity theft.