USAJOBS.gov Security Alert
USAJOBS.gov and Monster.com Customer Information Compromised - August 30, 2007USAJOBS houses vacancy announcements government-wide. HHS was informed that USAJOBS applicant information has been compromised. NIH is one of the organizations that uses this site to post jobs. Hackers gained access to users' names, addresses, email addresses, and telephone numbers. Fortunately, no social security numbers (SSN) were compromised because of security shields on that information. We do not know if any applicants to NIH jobs have been adversely impacted. If you are a current or former USAJOBS.gov applicant, you may find yourself targeted by phishing emails that appear to be sent from USAJOBS.gov or Monster.com (Monster provides the technology for USAJOBS). Phishing is a computer scam where identity thieves clone email messages from legitimate sources in order to trick users into handing over passwords or other sensitive information. They also may direct users to websites which download viruses or collect personal information. Phishing has also targeted users by phone to try to acquire the same personal data. According to the USAJOBS website:
More information about this attack can be found at http://www.usajobs.opm.gov/securityNotice.asp. As a reminder, SSNs are no longer required on the submission of resumes to NIH vacancy announcements. We strongly encourage you not to place your SSN on your resume. While the USAJOBS system does require you submit your SSN in their resume builder, typing your SSN outside of the designated SSN field may make it easier for someone with malicious intent to access that information. This page was last reviewed on June 20, 2008. |