Hackers have stolen the personal data of up to 4.5m jobseekers by breaking into the database of online recruitment site Monster.co.uk.
Described by one consultant as a "horrendous breach", the case is the worst since HM Revenue and Customs lost the details of 25m child benefit recipients in 2007 and has caught the attention of the Information Commissioner's Office.
Monster.co.uk has admitted that the data stolen includes users' IDs and passwords, email addresses, names, phone numbers and "some basic demographic data", but says it does not include social security numbers or personal financial data.
It has not given an indication of the number of people affected, but around 4.5m people are registered with the site.
It is the third time in two years that security at Monster has been breached.
Security experts fear the data will fall into the hands of gangs and used to open fake bank accounts or in phishing email scams designed to elicit more personal details from those affected without their suspecting anything is wrong.
Graham Cluley from Sophos, an IT security firm, said that once armed with vital passwords hackers could also get into the existing email and bank accounts of the four out of ten people who use the same password across all websites they visit.
"It's a horrendous breach," Cluley said. "The information they have can be used to cause all kinds of mischief."
Monster has reacted to the breach by putting a security notice on its homepage linking through to a letter to users from its global chief privacy officer Patrick Manzo.
The letter advises users to change their password instantly and explains that Monster has not notified them of the breach by email to avoid the risk such emails would be used as a template for phishing emails.
In August 2007 Monster.com's database was infected by a virus called infostealer.monstres, which stole around 1.6m records, mostly of US customers. It is believed that a Russian gang was responsible.
Return to marketing news headlines
View Marketing News Archive