About 146,000 users of USAJobs.gov had their personal information compromised in recent attacks on Monster.com, the US Office of Personnel Management (OPM) disclosed this week.The breach affected approximately eight per cent of the two million USAJobs.gov users, OPM announced on Wednesday.
Monster administrates the USAJobs.gov website for OPM, the agency in charge of the civil service.
Information breached in the attack includes names, email addresses and telephone numbers. No Social Security numbers were compromised, according to OPM.
The breach was part of a multi-layered attack on Monster, in which hackers used credentials to access the site, then spread a trojan to capture names, email addresses and telephone numbers of job seekers.
That stolen information was used to deliver spear phishing emails to job seekers, requesting financial details or recruiting individuals to join the scam.
Experts have said that such multi-layered attacks will become more common in the future.
OPM published a security notice on USAJobs.gov and reminded users that they will not be asked to provide personal information in unsolicited emails. The agency is also sending letters to all affected subscribers.
OPM spokesman Peter Graves said the agency should complete email notification of all 2 million users today. Monster officials said this week that they're beefing up security measures in response to the recent data theft that exposed the personal information of 1.3 million subscribers.