UK job website targeted by hackers

Hundreds of thousands of job seekers may have had their personal details stolen after a website in Britain was hacked recently, reports on Monday said. The Guardian Jobs website had been "targeted by a sophisticated and deliberate hack" according to the Guardian News and Media Group. Nearly half-a-million could be affected by the security breach, though the publishing company said it had no clear idea of the numbers affected. Over the weekend nearly 500,000 emails were sent out to users as a precautionary measure.
The Guardian Jobs website is outsourced to third-party jobs board provider Madgex, and enables users to target their CV to potential employers. The breach could make it possible for criminals to create "very attractive and believable email that will have a high likelihood to trick the recipient into clicking on a link or running the attachment," according to Patrik Runald, senior manager of Websense security labs.
Such phishing attacks are particularly dangerous and open people up to identity theft as well as financial fraud. The email warned customers of the security breached and advised them on certain actions they might take. In particular they were told to contact their creditors, even if they had not been affected, so that they might monitor accounts and ensure they remain protected. They were also urged to contact a credit reference agency such as Callcredit, Equifax or Experian who may provide information as to how to resolve the situation and prevent it happening again. In addition Guardian Jobs users also suggested those who believed they had become a victim of identity theft should consider subscribing to CIFAS, the UK's Fraud Prevention Service. Although financial information is not believed to have been lost, even a standard CV and covering letter can provide enough detail to initiate identity theft.
The Guardian News and Media Group said it had been assured by its provider, Madgex, that the site was now secure and the US version of the site had not been affected. The paper also said the incident was now being investigated by the central e-crime unit at New Scotland Yard and would not comment further until the investigation was complete. "The police remain anxious to keep information about the apparent theft to a minimum, in order not to compromise their investigations, but did agree with us that we could inform those users who may be affected," the Guardian said in a statement released through its website. "We stress our regret that this breach has occurred," it added, but stressed that although up to half-a-million might be affected, it was "clear that only a minority of Guardian Jobs users are at risk" given that more than 10 million users are on the paper's data base.