Personal Information Security

You can download and manage resumes from a huge array of paid and free sources.

Platinum Recruiter integrates with desktop, enterprise  and web applications.  Do you need to contact your prospective candidates via email?  With Platinum Recruiter, you can create email message templates and send batch emails to all candidates that meet your criteria in just a few mouse clicks.  Already have a batch email solution?  You can import and export your contact email addresses  between Platinum Recruiter and other mailing systems. (From the Website)

Really, there's no shortage of tools that give the same functionality. In the Sates, where personal data is not particularly well regulated, resumes are commodities. Since there is no penalty associated with using the personal information in them, resume databases are accessed by all sorts of commercial and political interests.

In the Monster Security Mess, what appears to have happened is as follows:

1. Somehow, unauthorized users got a hold of legitimate Monster login(s) and password(s)
2. They used the password(s) and login(s) to perform normal system functions by downloading resumes.
3. Those resumes were used to create (varieties of) email for phishing

Not only isn't it complex, it looks a lot like how the very low end of the job board business proposition works. The unauthorized use of passwords and logins is a factor in every resume based job board's business model. The only way to eliminate the risk of unauthorized access with legitimate credentials would be to get out of the resume business entirely.

In computing, phishing is a criminal activity using social engineering techniques.^[1] Phishers attempt to fraudulently acquire sensitive information, such as usernames, passwords and credit card details, by masquerading as a trustworthy entity in an electronic communication. (Wikipedia)

Sadly, fraudulently acquiring sensitive personal information is also a part of the low end game in our industry.

Things could (and should) change. These days, my banks look closely at the exact computer I'm using to log on. Digital Resolve helps security departments track and manage anomalies in signons.  If resumes were tracked like they are in other places in the world, security would be enhanced.

The weird thing here is that this is news at all. While there is a meaningful problem in personal information security, it's a daily thing. The practices of each of the now 50,000 job boards simply can't be managed to avoid the distribution of their data to unseemly customers (or criminals for that matter). There are few, if any, job boards who currently claim to have adequate security measures to interrupt a high volume user. They only have service agreements to stop illicit use of data garnered from their services.

In the long haul, the question will devolve back to the users. For many, it is worth being phished to get a resume into circulation. Others will work to maintain their anonymity.