Security & Fraud

Monster: Job Seekers’ Resumes Were Exposed Online was the victim of a data breach caused by an exposed web server, but failed to inform users about the incident.

The server held the resumes of job applicants spanning 2014 and 2017, and included private information such as phone numbers, home addresses, email addresses and prior work experience. TechCrunch reviewed many of the documents and reported that most of those impacted were located in the United States.

While there’s no set number on how many users were affected, one folder from May 2017 contained thousands of resumes.

A statement by Monster’s chief privacy officer, Michael Jones, said the server was owned by an unnamed recruitment customer that Monster no longer works with. Even after multiple requests, Monster declined to name the customer.

“The Monster Security Team was made aware of a possible exposure and notified the recruitment company of the issue,” the company said.

Although Monster said it secured the exposed server soon after it was discovered in August, it never notified users of the breach. In fact, it didn’t admit to the incident until a security researcher alerted TechCrunch of it.

“Customers that purchase access to Monster’s data — candidate resumes and CVs — become the owners of the data and are responsible for maintaining its security,” the company said. “Because customers are the owners of this data, they are solely responsible for notifications to affected parties in the event of a breach of a customer’s database.”

Local data breach notification laws state that companies need to notify state attorneys general when large numbers of users are affected. While Monster technically does not have to disclose anything to regulators, some companies will still warn their users of an exposure.

However, Monster said because the exposure took place on a customer system, the company is “not in a position” to identify or confirm affected users.



Banks, corporates and even regulators now recognize the imperative to modernize — not just digitize —the infrastructures and workflows that move money and data between businesses domestically and cross-border. Together with Visa, PYMNTS invites you to a month-long series of livestreamed programs on these issues as they reshape B2B payments. Masters of modernization share insights and answer questions during a mix of intimate fireside chats and vibrant virtual roundtables.