The details of thousands of job seekers have been leaked online in a large-scale data breach, reports have claimed.
According to TechCrunch, CVs from job seekers stored by a number of recruitment firms, primarily Monster, were found on a web server that had been left exposed for a number of years.
The documents included a range of personal details, such as email and home addresses, phone numbers and past employment history. The exact number of leaked documents is not clear at this time, but a single folder dated May 2017 contained thousands of CVs.
The files covered a time period stretching from 2014 to 2017, with most of the applicants based in the United States - although some files were found to include immigration documentation.
A statement from Monster's chief privacy officer Michael Jones said that the server was owned by an unnamed recruitment customer. Monster would not name the customer, but did say it was no longer working with them.
It added that the compromised server was secured shortly after it was breached, but that because the incident happened on a customer system, Monster was “not in a position” to identify or confirm which users had been affected.
“The Monster Security Team was made aware of a possible exposure and notified the recruitment company of the issue,” the company said.
“Customers that purchase access to Monster’s data — candidate résumés and CVs — become the owners of the data and are responsible for maintaining its security,” it added. “Because customers are the owners of this data, they are solely responsible for notifications to affected parties in the event of a breach of a customer’s database.”