USAJOBS.gov Security Alert

USAJOBS houses vacancy announcements government-wide. HHS was informed that USAJOBS applicant information has been compromised. NIH is one of the organizations that uses this site to post jobs. Hackers gained access to users' names, addresses, email addresses, and telephone numbers. Fortunately, no social security numbers (SSN) were compromised because of security shields on that information.

We do not know if any applicants to NIH jobs have been adversely impacted. If you are a current or former USAJOBS.gov applicant, you may find yourself targeted by phishing emails that appear to be sent from USAJOBS.gov or Monster.com (Monster provides the technology for USAJOBS). Phishing is a computer scam where identity thieves clone email messages from legitimate sources in order to trick users into handing over passwords or other sensitive information. They also may direct users to websites which download viruses or collect personal information. Phishing has also targeted users by phone to try to acquire the same personal data.

According to the USAJOBS website:

"USAJOBS will NEVER request personal information via unsolicited email (i.e. not a response to an email sent by you). Monster has also assured us THEY will NEVER ask any site users to download any software, 'tool' or 'access agreement.'

If you receive a suspicious email regarding your USAJOBS search, email it, with the full "header" information intact, to us at: mayday@fedjobs.gov."

More information about this attack can be found at http://www.usajobs.opm.gov/securityNotice.asp.

As a reminder, SSNs are no longer required on the submission of resumes to NIH vacancy announcements. We strongly encourage you not to place your SSN on your resume.  While the USAJOBS system does require you submit your SSN in their resume builder, typing your SSN outside of the designated SSN field may make it easier for someone with malicious intent to access that information.