«
»

Security Breach at Jobs.ie?

March 28th, 2008 by Brian Honan

Lots of conversation on boards.ie claiming that a number of CVs have been illegally downloaded from the Jobs.ie website.  No details of what happened have appeared yet but the below is supposed to be an email from Huw Taylor the General Manager of Jobs.ie to affected users.

Dear ……….

I am writing to bring your attention to a security breach on Jobs.ie which occurred yesterday evening. Although this breach was identified and stopped quickly, a small number of CVs were illegally downloaded. Unfortunately your CV was one of the records taken. I understand and apologise for the concern this will cause you and I want to assure you that we are taking steps to prevent this happening again.In the meantime I urge you to exercise extra caution while conducting online activity.

To help you avoid risk, please follow these key online safety tips: 

  • Reputable companies do not request personal details by email, if a company contacts you do not give any personal information until you have established they are legitimate
  • Never give out personal banking information
  • Do not share your passwords with anyone
  • Do not open email attachments if you are suspicious, especially .exe files.

A dedicated 24 hour customer helpline has been set up to deal with any further questions or concerns you may have. Please call +353 (0)1 680 8699 or email info@jobs.ieAgain, please accept our apologies for any inconvenience or distress caused.Yours sincerely,

Huw Taylor

This is not the first time an online recruitment site has been the victim of an attack, Monster.com suffered a major breach last summer.  So before you upload your CV or any personal details to an online recruitment site make sure that you provide the minimum information required and delete those details once you no longer need the services of the site.

This is not the first time an online recruitment site has been the victim of an attack, Monster.com suffered a major breach last summer.  So before you upload your CV or any personal details to an online recruitment site make sure that you provide the minimum information required and delete those details once you no longer need the services of the site.It will be interesting to see what other details come to light over the coming days.  If you have any additional information please feel free to share it via the comments feature.

UPDATE 30/03/08:

Jobs.ie have posted the above note onto their website which confirms the breach did occur.  If you look at that notice you will see that the breach occured on Thursday evening.  Given the time that would be taken to detect the breach, determine the amount of damage done and get people in place to respond to the breach, Jobs.ie should be commended for getting their notifications out within 24 hours of the incident happening.

Also as we have discussed on this Blog before that there are no mandatory breach disclosure laws in Ireland, so again Jobs.ie should be commended for coming clean about the incident. 

If you are one of the affected individuals of this breach I appreciate it is not a nice experience to have happened, however at least Jobs.ie have notified you of the problem so that you can take steps to protect yourself against identity theft.  Both the makeITsecure and Garda websites offer advise on how to protect against identity theft.

Additional coverage on SiliconRepublic.com, The Irish Times and RTE.

Share This Post

9 Responses to “Security Breach at Jobs.ie?”

  1. Nick

    HI there, well, I have just called this number and spoke to a member of staff and he isnt well informed how, when, why kind of questions seemed to left unanswered, a callback is offered, the biggest concenr people should have is identity theft, when they have all the personal info on you its easy to become “you” and ruin your good name, apply for jobs using your CVs based on your expereinces and particualry ruin someones good name. Please call this number if you are one of the affected and everyone should consider taking legal adviceo n this breach and how it can affect you in presnt or future.

    Comment on Mar 28th, 2008 at 11:54 pm   
  2. Piri

    My CV was downloaded as well.
    Can we take a legal step against jobs.ie?

    Comment on Mar 29th, 2008 at 10:50 am   
  3. Brian Honan

    Nick & Piri

    Lets not forget that jobs.ie are also victims of this incident. A criminal attacked their systems and breached their security. This has resulted in costs to the company in terms of time and resources in dealing with the issue, not to mention the impact it may have on the company’s reputation.

    We also need to wait and see if the information that was accessed was stored in contravention of the Data Protection Act.

    I am not a solicitor but I would guess that before you could proceed with any type of case you would need to prove that jobs.ie were negligent in protecting your information and also that you have suffered a loss as a result.

    Until more details are available as to what exactly occured then I recommend waiting to see what happens.

    Lets not also forget that there are no legal requirements for jobs.ie to notify people about this breach, yet they took the decision to so. For that they should be given some recognition and credit.

    Brian

    Comment on Mar 30th, 2008 at 10:13 pm   
  4. Glandore Systems Blog » Blog Archive » Jobs.ie Hacked - Anyone Else?

    [...] Jobs.ie were quick to contact affected users and inform them of the security breach and outlined how to avoid becoming a victim of phishing or email scams that might follow as a result. BH Consulting commends Jobs.ie on their quick response and acknowledgement of the issue in a country where there are mandatory breach disclosure law. [...]

    Comment on Mar 31st, 2008 at 12:02 pm   
  5. Security Breech for Irelands largest Recruiter | Irish Job News - News on Jobs for Ireland

    [...] Jobs.ie has also offered a helpline support for the people effected by this. Brian Honan from BH Consulting (www.bhconsulting.ie) commends Jobs.ie for being so upfront and honest about the whole situation. It is good to see that they had a quick turn around from detecting it, and letting their customers know. Don’t worry about our sister site JobsInIreland.ORG, doesn’t store the CVs, rather it sends the CVs directly to the employers, and none of your personal details are stored on our server. [...]

    Comment on Mar 31st, 2008 at 2:01 pm   
  6. Fabio

    This is just another example of incompetency and lack of proper security precautions within SME’s in Dublin.Ive seen all so many times password documents co-existing on data file servers.
    This is what I do not get:
    How is it that my CV was one of the ones downloaded and I NEVER uploaded it in the first place?
    Is it because I applied for job positions from job.ie and a COPY of my CV was illegally maintained by jobs.ie without my consent?
    Their gonna pay for this.

    Comment on Mar 31st, 2008 at 5:31 pm   
  7. paul

    I read on boards.ie that someone was told that up to 60k CVs are possibly at risk, so I guess that there are a lot of annoyed people.

    Fabio : Your case isn’t mentioned in the privacy policy of Jobs.ie , but I guess you still could ask for your details to be removed http://jobs.ie/Privacy.html

    — Paul eirjobs.com

    Comment on Mar 31st, 2008 at 8:21 pm   
  8. Ivan | JobsBlog.ie

    Scary….

    Monster was the first a few months ago, now some graduate web site in Dublin and now Jobs.ie… ( http://www.jobsblog.ie/Jobs/jobsie-hacked/86 )

    So who is next? :)

    Ivan | http://www.JobsBlog.ie

    Comment on Mar 31st, 2008 at 8:43 pm   
  9. Once More Into The Breach | Security Watch

    [...] only portable devices.? This means that breaches such as the exposure of people’s CVs on the Jobs.ie website earlier this year would not need to be reported.? Also it appears the minister wants to concentrate [...]

    Comment on Oct 5th, 2008 at 11:54 pm   

«
»