Monster disclosed the probe in a filing with the U.S. Securities and Exchange Commission, and said the inquiry stemmed from a computer attack announced last year that resulted in the illegal downloading of contact information for 1.3 million job seekers.
“On October 29, 2007, the Company was requested to voluntarily provide information to the staff of the Federal Trade Commission in connection with a non public inquiry into certain information security practices of Monster.com,” Monster disclosed in an SEC filing. “The inquiry arises as a result of the attack.”
FTC investigations as a rule are nonpublic unless the firm under investigation acknowledges the probe. The agency in recent years has been going after companies with alleged failures related to the protection of sensitive consumer information. In a number of cases, organizations have settled FTC charges and agreed to new data security policies.
Monster’s admission of the FTC probe underscores concerns about possible identity theft and data breaches in the use of online job boards.
FTC spokeswoman Claudia Bourne Farrell confirmed that the agency had an open investigation of Monster under way last year. She declined to comment on whether the investigation has been closed.
“You can get that information from Monster, but not from us,” she said.
Monster didn't answer a question from Workforce Management about whether the FTC probe remains open.
"We've cooperated fully with law enforcement and regulatory bodies, including the FTC," Monster spokesman Steve Sylven said in an e-mail.
The FTC inquiry stems from an incident last summer. Monster said employer client log-in credentials had been compromised and used to download information such as names, addresses, phone numbers and e-mail addresses for 1.3 million job seekers with résumés posted on Monster.com.
The breach may have fit into a “phishing” scam. “The purpose of gathering this information appears to be sending e-mail disguised as Monster in order to gain recipients’ trust, and then attempting to convince users to engage in financial transactions, or lure them into downloading malicious software,” Monster said in a security notice on its Web site.
Monster also said the breach was not an isolated incident, and that “the scope of this illegal activity is impossible to pinpoint.”
Monster says it has taken steps to improve data security and prevent online fraud.
“Every company that purchases access to Monster services is reviewed upfront, via a sales representative or via Monster's Fraud Prevention Team,” a Monster representative stated in an e-mail.
The company also says it has “implemented aggressive anti-phishing efforts including real time monitoring for phishing incidents and an aggressive program of reporting phishing sites for termination. We have also strengthened account security via new user authentication technology.”
The company declined to say whether the number of employer clients dropped in the wake of the August news.
“Monster does not disclose the number of employer customers we have,” the company said in a statement.