Hackers target Guardian jobs site

Half million people may have details compromised despite technicians interrupting 'sophisticated' attack on recruitment site

The Guardian has emailed "up to half a million" users of its UK-based Jobs website to tell them that some of their personal data may have been compromised by "a sophisticated and deliberate hack" on Friday night.

A Guardian spokesperson said the site has about 10 million unique users per year, and that "the hack was stopped before it was completed".

"As soon as we were alerted to the fact that there was a problem, we dealt with it, in line with the information commissioner's guidance on data protection," said the spokesperson. "We felt it was important to be transparent and alert our users as soon as possible."

Yesterday , the Guardian put a security notice on its Jobs site, which said: "The supplier who runs the site has identified the manner in which it was hacked and taken steps to prevent a recurrence."

User accounts were not hacked, so there is no need for site users to change their passwords. The compromised data could include the person's name, email address, covering letter and CV, but "we have no reason to believe that any financial or bank data was compromised," said the Guardian's email. Some of the data was up to two years old.

The user data is not held on the web but stored on separate databases run for the Guardian by third parties. In the UK, it is reportedly run by Madgex.

A Guardian technology director said: "We will have final numbers of real users and the type of data in the next few days, once we strip out duplicates, false emails and so on." He said he was unable to provide any technical details of the hack, as these were part of a police investigation by the central e-crime unit at Scotland Yard.

Jobs site user Chris Gittner said that at first he thought the email was a hoax, and "all of this wasn't helped by finding out about it late on Saturday evening when there was no one official around to talk to."

Kate Waugh, a user from Staffordshire, said: "I'm quite worried about the repercussions of my sensitive data falling into the wrong hands: I've had enough experience already of card fraudsters so I know how easily you can fall victim to these things.

"I'm going to take the steps recommended by the Guardian, but it's one more worry I could do without. I have to say the Guardian's reassurance that it won't happen again doesn't help."

The Guardian's email passed on police recommendations for "precautionary measures" such as contacting a credit reference agency - Callcredit, Equifax or Experian — and using Cifas, the UK's fraud prevention service . Cifas also runs fraudjobsite.co.uk.

Another user, Simon Anthony, said "we probably will" register with Cifas but "it costs £12 each person. Will the Guardian pay for this?" He said he objected to paying for security that he should not need.

Job sites are regularly attacked by hackers and via email "phishing" attacks, as they provide a rich source of data for those interested in identity theft. Job seekers who simply circulate their CVs directly to potential employers, or post them on the web or on Facebook, are also increasing their level of risk. Job sites may still be the safer option.

The Guardian's US-based Jobs site was not affected.


Jack Schofield

The GuardianTramp

Related Content

Identity fraud website shut down in global police sting

Sixty people arrested after closure of Darkmarket forum where people traded in stolen personal data

Press Association

17, Oct, 2008 @8:53 AM

Article image
Cybercrime complacency no laughing matter, police chief warns

Scotland Yard launches 'cyber flying squad' as British public warned to be more alert to online criminality

Nick Hopkins

31, May, 2011 @11:21 PM

Article image
Sony hackers target NHS computers
Hospitals and primary care trusts alerted to security breach, but no patient's medical records accessed during incident

Denis Campbell, health correspondent

09, Jun, 2011 @6:15 PM

Computer hackers: Internet flaw sparks biggest security fix in web history

Microsoft is among the companies announcing action against a hijacking internet scam by closing a loophole. By Bobbie Johnson

Bobbie Johnson, technology correspondent

09, Jul, 2008 @11:01 PM

Article image
Hackers steal jobseekers' details from Monster recruitment website
With 4.5 million people on database, theft could result in largest data loss since 2007 child benefit scandal

Jenny Percival and agencies

27, Jan, 2009 @9:27 AM

Article image
20 ways to keep your internet identity safe from hackers

Cybercrime costs Britain £27bn a year, and it could cost you dear too if you don't take basic precautions. James Silver asked experts for their top tips

James Silver

11, May, 2013 @11:01 PM

Spot of bother for Spotify after hackers steal users' passwords

Online music service reveal that thousands of users' personal details may have been stolen

Bobbie Johnson, technology correspondent

05, Mar, 2009 @12:01 AM

Article image
Google's Eric Schmidt denies knowledge of NSA data tapping of firm
Executive chairman says search company has 'complained at great length' to the US government over intrusion

Charles Arthur, technology editor

21, Jan, 2014 @10:30 PM

Article image
Yahoo fined £250,000 for hack that impacted 515,000 UK accounts
ICO says firm ‘failed to prevent’ 2014 Russia-sponsored hack after 500m accounts compromised

Samuel Gibbs

12, Jun, 2018 @2:53 PM

Article image
Malware file infects 0.5m computers

Internet analysts are warning surfers to be on their guard after a booby-trapped file outbreak

Bobbie Johnson, technology correspondent

09, May, 2008 @1:57 PM