The Guardian’s job website has notified nearly half a million of its users that their personal details are at risk following a “deliberate and sophisticated” criminal data breach, “of which the Guardian is a victim in addition to some of our users.”
The incident is currently being investigated by the Police Central e-crime unit and details are scarce. However, the company that built the media group’s job board software, Madgex, said the system was now secure.
The information compromised represents a potential goldmine to an identity fraudster. While the stolen records are only a small proportion of the 10 million unique users who access the site each year, the details contained in CVs – names, dates of birth, addresses and work and education history – are more than enough to begin the hijacking process.
Unusually, considering the reaction to similar incidents by other companies, the Guardian made no offer of identity theft support services in its letter to those customers compromised, instead suggesting users have a notice placed on their credit file indicating they are at risk of identity fraud.
“We would like to assure you that we are absolutely committed to protecting the privacy of our users and we are treating this situation with the utmost seriousness,” the company said in a statement.
Hackers also stole details from jobseeker site Monster.co.uk in January this year, including usernames, passwords, telephone numbers and email addresses, although the company said no CVs were compromised.