The security breach involves account information for an estimated 5,000 U.S. government recruiters for GovJobs.com. The breach, which occurred August 13th of this year, was discovered when IntelCrawler, a California based security company, found a database of names and account information being sold "underground." The compromised accounts belong to a wide range of recruiters, including those from every branch of the U.S. military, the National Security Agency (NSA) and other government agencies, along with accounts for top government defense contractors. The company reported incident to the Homeland Security’s U.S. Computer Emergency Readiness Team (US-CERT), who is investigating the security breach according to The Daily Caller.
Authorities worry that hackers may use the information to impersonate government recruiters in an attempt to gain obtain classified information from job seekers. There is also concern that the stolen information can be compared to information gained from other hacking incidents. Information related to financial records, alcohol or drug use or other sensitive information could be used for blackmail purposes according to IntelCrawler. Politico quotes Dan Clements, president of IntelCrawler, as saying:
"Hackers with such information could impersonate recruiters and tap job seekers who have knowledge of sensitive government projects, or seek damaging information about applicants to blackmail them into spying for them. They could cross-reference job-hunter lists with information, stolen in earlier hacks of commercial firms, on applicants' use of drugs, alcohol and pornography or their financial transactions. Like many Internet users, some recruiters reuse their passwords, which can put their contacts at other sites at risk as well."
Peter Osapay, operations manager for the company who runs GobJobs.com, said he was not been notified of the data breach, but dismissed the importance of the information gained by the hackers. In an email statement Osapay said:
"Even without a hack, if an employer went through our resume database and resold it, it is mostly old data with not much use really, as it lacks many personal details acquired later at interviews."
This article has been extracted from http://www.digitaljournal.com/, please click on this link to read the article in full http://www.digitaljournal.com/technology/classified-information-at-risk-after-government-website-hacked/article/403894#ixzz3Dl5vmAAE
Montash is a multi-award winning, global technology recruitment firm. Specialising in permanent and contract positions across mid-senior appointments which cover a wide range of industry sectors and IT functions, including:
ERP, BI & Data, Information Security, IT Architecture & Strategy, Energy Technologies, Demand IT and Business Engagement, Digital and E-commerce, Infrastructure and Service Delivery, Project and Programme Delivery.
With offices based in London, Montash has completed assignments in over 30 countries and has appointed technical professionals from board level to senior and mid-management in permanent and contract roles.