Monster's stolen data may serve as warning

By now, the perils of securing online data with little more than user names and passwords should be well known. Monster.com learned that lesson late and the hard way, prompting last week's announcement that the Web jobs board will spend millions of dollars to improve its security.

Monster Worldwide Inc. recently discovered that con artists had grabbed contact information from resumes for 1.3 million people -- and likely many more, since Monster now says this was not an isolated incident.

Files were pilfered not only from Monster.com but from USAJobs.gov, the federal-government career-listing service operated by Monster.

The stolen information is not by itself ultra-sensitive, since resumes generally do not include Social Security numbers, financial data or account information.

But contact information alone can be lucrative for online criminals, who used what they got from Monster to craft "phishing" e-mails that go after such sensitive data.

The affair could serve as a warning to other businesses that operate online. But if the past is any guide, many will shrug off this episode.

"You're going to see this happen again and again and again," said security analyst Bruce Schneier, chief technologist for BT Counterpane. "I assure you, every other company didn't say, 'Wow, look what happened to Monster, we have to fix our problem.' "

Blame many factors. For one, upgrading security can be expensive, and many companies are reluctant to shell out for improvements until they've been viscerally reminded of the need for it.

"How do you justify a $10 million security budget when nothing happened last year?" said Mark Rasch, a former federal cybercrime investigator now with FTI Consulting Inc.

Another problem is that companies are hesitant to put up blockades that can annoy legitimate users.

"We're all accustomed to a straightforward and easy experience," said Dennis Maicon, executive vice president of Digital Resolve, a unit of Landmark Communications Inc. that sells automated fraud-detection systems. "We want to do things quick, we don't want to jump through all kinds of hoops to say, 'Hey, it's me,' because a good portion of the time, it is you. A company like Monster has to maintain the customer experience."
