14 DAY TRIAL // The administrators of the jobs.guardian.co.uk have announced that the online recruitment website suffered a serious security breach. As a result, the company has notified nearly 500,000 people that their data might have been compromised.
The Guardian Jobs website is owned by Guardian News and Media Limited, the company that publishes the Guardian and the Observer newspapers. The online recruitment site is powered by job board software developed and maintained by a company called Madgex Limited.
"We can confirm that we are investigating a breach of security to the guardian jobs site that we were alerted to yesterday," an announcement released this Saturday by Guardian News and Media, reads. "We would like to assure you that we are absolutely committed to protecting the privacy of our users and we are treating this situation with the utmost seriousness," the company stressed.
The incident, which is described as a "deliberate and sophisticated crime," is still being investigated by the new Police Central e-crime Unit (PCeU). Because of this, no details regarding the method of compromise have been released. However, Madgex gives assurances that the problem has been remedied and the system is now secure.
As far as impact goes, around 500,000 users have been potentially affected. Even though this represents only a small portion of the site's total number of unique users, estimated at over 10 million per year, it still accounts for a significant amount of data. "In line with the Information Commissioner’s guidance on data protection, we have identified and contacted, or attempted to contact, everyone who may be at risk," the company notes.
The specific nature of the compromised information has not been disclosed, but the data is believed to stretch back as far as two years. "If I were a user of the site I certainly wouldn't hesitate to change my password just in case. Make sure, of course, that you choose a sensible hard-to-guess password and don't use the same password on any other site," Graham Cluley, senior technology consultant at antivirus vendor Sophos, advises.
Job-listing sites are an attractive target for identity thieves due to extensive personal data provided by individuals on such accounts. Back in January we reported a similar data leak incident on the Monster.com and USAJOBS websites.