Friday, February 13, 2009

USAJOBS is Breached

Here is the article from from Washington Post in its entirety. To find it online, please go to: "Federal Job Database is Breached."

By Joe Davidson
Saturday, January 31, 2009; Page D02

The federal government's online database for job seekers has been hacked.

As if Uncle Sam's hiring process is not in enough of a mess already, now comes word that the pocket where he keeps job applications has been picked.

USAJOBS, the government's database, is powered by Monster.com, the Internet employment service.

A "special security alert" posted by USAJOBS says "certain contact and account data were taken, including user IDs and passwords, e-mail addresses, names, phone numbers, and some basic demographic data."

The information accessed does not include resumes," the statement continues. "The accessed information does not include sensitive data such as social security numbers or personal financial data."

But the government warns that the stolen data could be used in phishing schemes. This is a type of electronic fraud in which crooks use e-mail messages, pretending to come from legitimate organizations -- potentially the U.S. government in this case -- to secure sensitive information from those whose e-mail addresses were stolen.

People with USAJOBS passwords may soon be required to change them, according to the announcement.

"USAJOBS will never send an unsolicited e-mail asking you to confirm your username and password," says the alert, "nor will Monster ask you to download any software, 'tool' or 'access agreement' in order to use your USAJOBS account."

The hacking of USAJOBS was part of a larger intrusion into Monster.com. A "security breach official alert" on that site says "we recently learned our database was illegally accessed and certain contact and account data were taken."

A mandatory change of e-mail passwords for company clients goes into effect today, according to Nikki Richardson, Monster's vice president of corporate communications. The company is "monitoring any illicit use of information and so far we have not detected the misuse of this information," she said in a telephone interview.

In addition to changing passwords, Richardson recommended that Monster users be vigilant for suspicious e-mails and review the Monster security page, which can be found at
http://www.monster.com./ More information also is available at http://www.usajobs.gov./