Hackers Attack UK Paper’s Jobs Site

In what’s been described as a “sophisticated and deliberate attack,” hackers infiltrated the jobs site of the British newspaper The Guardian, spurring the paper to warn 500,000 users that private information may have been accessed.

What information was compromised? Fortunately, the compromised data didn’t include any financial or banking details, according to reports from publications including IT site The Register. Most likely it was CV and resume information, meaning names, e-mail addresses, postal addresses, job histories and more could be at the fingertips of whoever was behind the hack (and anybody else with whom they’ve decided to share). 

Why The Guardian was targeted is anybody’s guess. Back in 2007, the job-search Web site Monster.com fell prey to an attack in which scammers obtained login credentials for employers seeking new hires and used them to access 1.6 million job applicants’ records in the company’s database. This was followed by a spate of “spear phishing” attack—that is, targeted e-mail scams in which the fraudsters sent out malicious e-mails under the guise of Monster.com, making their ruse more believable by presenting victims’ personal details as part of their presentation. More recently, in January, Monster.com again fell prey to an attack in which perpetrators stole user IDs and passwords, e-mail addresses, birth dates, gender and ethnicity information, and in some cases, users' states of residence in the U.S, according to PCworld.com.

While The Guardian breach occurred in the UK, where Social Security numbers are not distributed, it’s worth taking the opportunity as a reminder never to include SSNs on resumes and CVs. The holy grail for many identity thieves wishing to commit new account fraud, the nine-digit identifiers can be used to open credit accounts, file fraudulent tax statements and more.  Not only does putting an SSN on a resume or CV put you at risk if your own laptop or hard drive containing the resume is stolen, but in the case of breaches like this, a situation outside of consumers’ control, it could put you in danger of becoming a victim of identity-related fraud.

So far, no one has been arrested in the course of the Metropolitan Police Central e-Crime Unit’s investigation of The Guardian case. "The police remain anxious to keep information about the apparent theft to a minimum, in order not to compromise their investigations, but did agree with us that we could inform those users who may be affected," the newspaper said in a statement quoted by PCWorld.com.