LOS ANGELES - According to TechCrunch, the recruitment site Monster did not disclose to its customers that a third-party server containing possibly thousands of resumes and CVs for job applicants with private information attached was exposed online.
The server contained job seekers’ information spanning between 2014 and 2017. The exposed information included email addresses, phone numbers and home addresses.
While it is unclear just how many files were exposed, Monster’s chief privacy officer Michael Jones said in a company statement to TechCrunch that “the Monster Security Team was made aware of a possible exposure and notified the recruitment company of the issue.”
The statement went on to say that the server belonged to a recruitment customer it no longer works with but would not disclose who.
The company reportedly added that it was “not in a position” to find and notify affected users.
“Customers that purchase access to Monster’s data — candidate résumés and CVs — become the owners of the data and are responsible for maintaining its security,” the company said. “Because customers are the owners of this data, they are solely responsible for notifications to affected parties in the event of a breach of a customer’s database.”
This is not the first time Monster kept a data breach under wraps.
Back in 2007, the company allegedly waited nearly a week to tell its users about a security breach that resulted in the theft of sensitive information of 1.3 million job seekers.