The Guardian Jobs website has suffered a 'security breach', leaving job hunters' personal data exposed.
In an email from Guardian staff on Saturday night, registered users were told:
"You have used the site to make one or more job applications and we believe your personal data, relating to those applications, may have been accessed."
"The matter has been reported to the police, who are now undertaking a full investigation through the police central e-crime unit at New Scotland Yard... We will continue to work with the police whilst the investigation is carried out."
The leak was discovered on Friday. Exact details of the information stolen have not been published, but the site allows job hunters to upload their full CVs and tracks any job applications they have made.
Guardian Jobs, one of the top five UK recruitment sites with over a million users per month, has been run by external supplier Magdex since 2007.
The newspaper has also set up a dedicated page with news of the ongoing investigation.
UPDATE: Guardian Technology editor Charles Arthur posted on his company blog yesterday that a friend had discovered vulnerabilities on the homepage of a political party. Within hours, the BNP had published a response on its own blog, adding that "users of this website might expect minor disruptions while the technical web team takes measures to further secure this website."
What's really disturbing is that most Jobs boards when through a security review after the Monster fiasco a few months ago, for Madgex and the Guardian to be so niave is worrying to say the least. As yet I've not heard confirmation that other Madgex sites have not been effected or are not vulnerable.
Posted by: PuristProductManager | Oct 25, 2009 at 00:45