Experts question fallout from new Monster hack

SAN FRANCISCO -- For the second time in less than 18 months, the job-search website Monster.com was breached, along with USAJobs.gov, which Monster's parent company runs for the federal government. And yet Monster might suffer little fallout — because the overall state of computer security is so bad anyway.

Attacks against websites have become so common, security experts say, that Monster Worldwide Inc. won't necessarily scare customers away with its January disclosure that its database was plundered of user IDs, passwords, e-mail addresses, names and phone numbers. Monster makes money by charging employers that post jobs and scan the resumes of applicants, who use the service for free.

Security experts said Monster didn't appear to be doing enough to secure its computers, but many played down the latest breach because Monster said no Social Security numbers, personal financial information or resumes were stolen. However, Monster didn't say how many records were exposed. In a previous breach, in August 2007, con artists grabbed resumes on 1.3 million people.

Both incidents affected Monster.com, which boasts more than 75 million members, and USAJobs.gov, which has 8 million registered users. They're both alluring targets because people give job search sites all kinds of personal information. Even just the user names and passwords people use on the sites can be golden to a thief, since people often don't change their information from site to site.

Michael Orenstein, a spokesman for Office of Personnel Management, which oversees USAJobs.gov, wouldn't say whether the government is reconsidering its contract with Monster, which is up in about a year. He said there's no indication that information on USAJobs' members has been used against them.

"We will continue to work with Monster to ensure we have the best available security, so that incidents like this do not occur, or when they do, the damage is limited or of an inconsequential nature," he said. "No breach is good, don't get me wrong, but the information obtained was limited."