Sunday, February 1, 2009

Monster.com Data Breach

I missed this one last month. Monster.com announced they had a data breach. Below is their official breach alert.

Monster Database Security Breach Official Alert
January 23, 2009

As is the case with many companies that maintain large databases of information, Monster is the target of illegal attempts to access and extract information from its database. We recently learned our database was illegally accessed and certain contact and account data were taken, including Monster user IDs and passwords, email addresses, names, phone numbers, and some basic demographic data. The information accessed does not include resumes. Monster does not generally collect – and the accessed information does not include – sensitive data such as social security numbers or personal financial data.

Immediately upon learning about this, Monster initiated an investigation and took corrective steps. It is important to know the company continually monitors for any illicit use of information in our database, and so far, we have not detected the misuse of this information.

In order to help assure the security of your information, you may soon be required to change your password upon logging onto the site. Please follow the instructions on the site. We would also recommend you proactively change your password yourself as an added precaution. We regret any inconvenience this may cause you, but feel it is important that you take these preventative measures.

As a further precaution, we want to remind you that an email address could be used to target “phishing” emails. Monster will never send an unsolicited email asking you to confirm your username and password, nor will Monster ask you to download any software, “tool” or “access agreement” in order to use your Monster account. Monster’s security page, http://my.monster.com/securitycenter, provides users with a substantial amount of information about different types of Internet fraud. We encourage you to review the information to learn more about what you can do to protect yourself on the Internet.

The protection of your data is a high priority for Monster. Our newly redesigned Web site has, and will continue to add, safety and security features to protect your information and we want you to feel confident using it.

We continue to devote significant resources to ensure Monster has appropriate security controls in place to protect our infrastructure, and while no company can completely prevent unauthorized access to data, Monster believes that by reaching out to job seekers, the company can help users better defend themselves against similar attacks.

We truly value the trust you place in Monster and appreciate the opportunity to continue to serve as your online career resource.

Sincerely,
Patrick Manzo
Senior Vice President, Global Chief Privacy Officer
Monster Worldwide

Subject: Resetting passwords
In an effort to ensure data security for our customers, starting Wednesday, January 28, 2009, at approximately 10:00 PM Eastern Standard Time, we will be instituting a mandatory password reset for all accounts that could potentially be affected. Those affected users will be prompted to change their password on their next login to the site, and will be notified that an email has been sent to their email account of record with a one-time password. To complete the change password process, please use this one-time password to log into your account and create a permanent password that is in compliance with Monster's password standards. Requiring these password resets helps us ensure that accounts are secure from any fraudulent activities. If you encounter any difficulties, please contact Monster Customer Service or your sales representative who can assist you.

An important thing to note is that the password change process is only initiated when you come to the Monster website and as a result an email is sent to you. Do not respond to any other unsolicited emails regarding password changes from Monster. Monster will not contact you by email regarding a password change unless you initiate such a change on the Monster website in accordance with the instructions above.


FAQ

Are you contacting consumers directly?

Monster elected not to send e-mail notifications to avoid the risk those e-mails would be used as a template for phishing e-mails targeting our job seekers and customers. We believe placing a security notice on our site is the safest and most effective way to reach the broadest audience. As an additional precaution, we will be making mandatory password changes on our site.

Have you contacted law enforcement?

We are working with appropriate law enforcement officials.

What security measures do you have in place?

Monster has made, and will continue to make, a significant investment in enhancing data security, and we believe that Monster’s security measures are as, or more, robust than other sites in our industry.

Monster has a full-time worldwide security team, which constantly monitors for both suspicious behavior on our site and illicit use of information in our database. To maintain the integrity of these security and monitoring systems, we cannot provide further details.

Will you be providing additional details about the breach?

Monster is sharing the information necessary to assist and protect our job seekers and customers. As previously mentioned, we cannot disclose specific details of the situation because we need to protect the integrity of our security systems and our ongoing inquiry into this situation.