Monster Hackers Also Hit USAJobs.gov

The hackers who compromised more than a million users of the Monster.com job search site also accessed a U.S. government career site that the company runs for the U.S. Office of Personnel and Management, the government said Friday.

OPM spokesperson Peter Graves told Reuters that 146,000 users of the USAJobs.gov site had their personal information stolen — including names, mailing addresses, phone numbers, and e-mail addresses. The government shut off recruiter access to the site until Monster.com completes its review of the system’s security.

Graves said the government alerted Monster.com to the problem on July 20, when a subscriber submitted a fraudulent e-mail. That statement raises questions about whether Monster.com improperly withheld news of the breach from its users.

A week ago, Monster said it had first learned of the breach when Symantec researchers alerted the company to the issue. It now appears that Monster knew about a breach of its systems almost a month before the Symantec report.

Lag Time ‘Inexcusable’

That long of a lag is “inexcusable,” said W. David Stephenson, a homeland security and corporate crisis management consultant, “after the legacy of past problems.” As a Massachusetts company, Monster.com should have been especially sensitive to the case of TJX, parent corporation of the TJ Maxx department store chain.

In the largest corporate data breach in history, hackers made off with more than 45 million credit card numbers. In August, TJX reported that its costs from the breach would be $256 million, 10 times more than the company estimated three times earlier. And analysts said the costs could reach as high as $1 billion.

“Every new example of identity theft is judged in light of the past missteps,” Stephenson said. “Crisis management has to be a continuous, cyclical process, where you continually test the plans and adapt them in light of new incidents.”

Ukranian…