Following a very public security breach, Monster Worldwide said Wednesday it will institute a comprehensive set of new systems and processes designed to enhance existing security and minimize such threats in the future.
Through a virus known as “Infostealer.Monstres,” spammers infiltrated the company’s resume database and allegedly spammed upwards of 1.6 million users. The purported goal was to obtain the personal financial data and bank account numbers from job seekers.
Indeed, Monster now admits this was not an isolated incident.
“As is the case with many companies that maintain large databases of information, Monster is from time to time subject to illegal attempts to extract information from its database. Despite ongoing analysis, the scope of this illegal activity is impossible to pinpoint,” the company stated in a release.
The company also said it is notifying all job seekers with an active resume on Monster sites about preventive measures they can take to protect themselves from online fraud.
But the concern could potentially be confusing to its members. While it promises “proactively reaching out” to all users who have resumes posted, it also asserts that “no company can completely prevent unauthorized access to data.”
In fact, Monster says its “new” security plans are actually not new at all; the company says many were announced before the recently reported attack.
The infrastructure improvements include new monitoring and surveillance, tightening of all site access policies and controls, and new methods to protect job seeker contact information.
In addition to reaching out to law enforcement and other regulatory officials, Monster says its Web Site Security Task Force will now report directly to the chairman and CEO.