Data stolen from Monster.com users

LOS ANGELES TIMES

Monster.com said Thursday that 1.3 million users had personal information stolen by cyber-criminals who hacked into the job-placement Web site. The company said it would warn each one of them by mail.

Monster parent Monster Worldwide Inc. said it identified the victims after analyzing the data found this week by computer security firm Symantec Corp., which had estimated that hundreds of thousands of people were at risk.

“We think it’s the right thing to do,” said Monster Vice President Patrick Manzo. “We’re concerned with making sure our customers understand we have their best interest at heart.”

On Tuesday, Manzo had said the company would rely on its lawyers to decide how to notify its users. He also said the company has succeeded in shutting down the Ukraine computer where the cache of stolen customer data was stored.

Manzo said the FBI and U.S. Secret Service were investigating the case, in which criminals posed as corporate customers to access Monster’s database of résumés posted by individuals. Monster has résumés of some 70 million people on hand.

Customer names, addresses, phone numbers and e-mail addresses were the only records that were stolen, Manzo said.

The crooks used that information to send a number of deceptive e-mails to the job seekers, pretending to be prospective employers or Monster itself.

Some e-mails contained scam job offers that could lead to swindled bank accounts, while clicking on links in other e-mails could install malicious programs that seal up the user’s files or record bank account numbers and other financial information.

Also Thursday, some Monster users said they had received such e-mails as far back as February.

Manzo said that the company had noticed e-mail attacks on customers eight or nine months ago, but didn’t have concrete evidence of improper access to its files until the past week.