Sunday, February 1, 2009 Data Breach Threatens Job Search Sites' Effectiveness

I was interviewed by CIO magazine about a security breach at Monster, leaving candidate information vulnerable. I've also included additional comments I made abut this situation below. My quotes and comments are in bold:

Last Friday, disclosed that its database was hacked, and that members' names, usernames, passwords, e-mail addresses, phone numbers and demographic data were compromised in the data breach. The job search site, which boasts over 75 million accounts for job seekers, hasn't disclosed the number of users whose personal information was stolen.

This isn't the first time's database has suffered a break-in: The Maynard, Mass.-based online job board experienced a previous hack in August 2007, which impacted 46,000 job seekers and 1.3 million records, according to Computerworld.

This newest data breach comes days after re-launched with a new user interface and new career management tools for job seekers on January 12.

The breach raises the question of whether security breaches like those that have taken place at will make job seekers more gun-shy about sharing their work histories and contact information online, and whether their reluctance to share information will dilute the effectiveness of those sites.

Phil Rosenberg, a career coach, doesn't think the most recent data breach will change most job seekers' behavior on job search sites.

"If we weren't in a bad recession with a really tough job market, I think it might," he says. "At the end of the day, people want to eat and work."

The job seekers who may opt to remove information (such as phone numbers, personal e-mail addresses or mailing addresses) from their job search profiles are more likely to be the passive ones, says Rosenberg, because they have less skin in the job search game.

Employed executives looking for new jobs may also think twice about what they post on job search sites such as Execunet and The Ladders for fear that their employers might find out they're looking for something new through a breach, he says.

If passive job seekers, who are arguably more appealing than unemployed job seekers, begin to limit the employment and contact information they share on job search sites, and if hiring managers and recruiters can't reach them as easily as a result, the effectiveness of job boards may be reduced. user Chuck Rudisill, a VP of sales for outsourcing services provider NDS, says he's considering limiting the information he shares on the site.

Rudisill uses about three times per week to prospect sales leads: He uses it to see which companies are hiring technical talent and to see which technical skills are in demand. He also has a personal account which he says he checks maybe once a month.

Rudisill hadn't known about's data breach until contacted him for an interview, even though he had surfed the site on Monday—three days after posted a small security alert about the breach on its home page. Rudisill says he didn't see the alert because it's only on the home page. (He enters the site through a bookmarked page, not the home page.)

He also expressed surprise that didn't notify individual account users of the breach. noted on an FAQ page that it decided not to inform users individually of the breach because it didn't want to risk that "those e-mails would be used as a template for phishing e-mails targeting" its users.

Rudisill, who is on the Do Not Call List, is concerned that his phone number and e-mail address might get "into the wrong hands"—e.g. telemarketers or spammers. So far, he hasn't noticed any "unusual activity" activity on his cell phone or an uptick in spam since last Friday, but, he says, "I'm not sure how long that's going to last."

The sales exec planned to go back to his profile on to see what information he had in his account. He said he might remove his phone number and e-mail address from his profile and that he'd be looking to for information and recommendations on what to do and how to minimize his exposure. (For information on how to protect your identity in a job search, see the CIO Job Search blog.)Blogger: reCareered - Create Post

"Am I concerned about the downside of not having my contact information on the site, and people not being able to reach out to me, or [am I concerned about] the loss of privacy," he asked himself rhetorically. "That's something I'll have to decide over the next few weeks."

Countless other job seekers will no doubt be asking themselves the same question.
And my comment to the article:

Monster's security breach creates a dilemma for career changers. Should you give personal info so employers can contact you, even if it subjects you to spam and telemarketing?

As annoying as spam and telemarketing calls are, finding work is usually worth the annoyance.

When recruiters and company HR reps search for talent, they can easily find lots of resumes that meet their specific needs...even more during tough times, like today. Given two equally skilled candidates, which candidate do you think a recruiter will call first...a candidate who makes their information available and easy to access, or one who makes contact more difficult?

A recruiter's job and a HR rep's job is to find candidates who meet minimum qualifications as fast as possible. They are positions that are managed to be efficient above all else.

The candidate who makes contact easy and transparent wins....every time.

Are you willing to deal with some annoying spam and some telemarketing calls to increase your chances in a more competitive job market?

Phil Rosenberg
President, reCareered


Executives exploring Career Change: For a free 30 minute resume consultation, or career advice for executives, email your resume confidentially to reCareered (, and we'll schedule a time to talk.

Staff, Managers, Entrepreneurs, and career changers outside the US: Send your resume to to enroll in a free group teleseminar "Accelerate Your Job Search - tools you can use".

No comments: