Monster.com says a third party exposed user data but didn’t tell anyone
Zack Whittaker reports:
An exposed web server storing résumés of job seekers — including from recruitment site Monster — has been found online.
The server contained résumés and CVs for job applicants spanning 2014 and 2017, many of which included private information like phone numbers and home addresses, but also email addresses and a person’s prior work experience.
Of the documents we reviewed, most users were located in the United States.
Read more on TechCrunch. Monster.com’s position seems to be that it is the responsibility of the customer/client who purchased the data to secure it and to make any required breach notifications, and they have not named the recruitment company.
Well, OK, but what happens if state attorneys general subpoena the information or the FTC files a civil investigative demand? They will have to name the recruitment company.