In a Securities and Exchange Commission filing dated February 21, Monster Worldwide, the parent company of electronic job board Monster, said an FTC probe into the breach was resolved “without further action required by the company.”
The data breach in question first came to light last August. Monster said employer client login credentials had been compromised and used to download information such as names, home addresses, phone numbers and e-mail addresses for 1.3 million job seekers with résumés posted on Monster.com.
The breach may have fit into a “phishing” scam, and raised concerns about possible identity theft in the use of online job boards. Monster also said the breach was not an isolated incident, and that “the scope of this illegal activity is impossible to pinpoint.”
In November, Monster revealed that the FTC had begun an inquiry into the company's information security practices as a result of the computer attack. The agency in recent years has been going after companies with alleged failures related to the protection of sensitive consumer information.
In a number of cases, organizations have settled FTC charges and agreed to new data-security policies. An FTC spokeswoman confirmed that Monster’s statement in its SEC filing about the probe’s resolution is accurate.
Soon after the breach was disclosed last summer, Monster said its Web Site Security Task Force would report directly to Monster chief executive Sal Iannuzzi.
“Protecting the job seekers who use our Web site is a top priority at Monster,” Iannuzzi said in a statement at the time.
In an e-mail exchange this month, company spokesman Steve Sylven named a variety of actions taken by the company related to data security.
“Every company that purchases access to Monster services is reviewed upfront, via a sales representative or via Monster’s Fraud Prevention Team,” Sylven said in an e-mail.
The company also says it has “implemented aggressive anti-phishing efforts including real-time monitoring for phishing incidents and an aggressive program of reporting phishing sites for termination. We have also strengthened account security via new user authentication technology."