Online security suffers from no breach disclosure

2 Apr 2008

It is important that mandatory breach disclosure is introduced in Ireland to give online job agencies an added incentive to protect customer data, said James Galvin, CTO of Irish firm Glandore Systems which provides software for the recruitment industry.

In light of the recent breach which was disclosed within 24 hours of occurrence, Galvin said there are many more that go unreported: “I know for a fact that leaks much bigger than the leak happen every day but they are not disclosed.”

Added to this, scammers have got wise to the fact that the resume is a very rich source of information, he explained.

“In addition to name, address, phone number and email address, which are valuable in themselves, the wealth of information accompanying these details builds a profile which can leave the individual vulnerable to fraud.

“Users often find themselves receiving highly targeted spam, eg if your resume says you are based in France, then this is worth more to a spammer in France, and if you do not have a university degree, then you are a better target for those selling diplomas.

Since the breach, fraudulent job offers by telephone are increasingly common, Galvin claimed.

Glandore is currently developing Resume Safe, which Galvin said will keep all users’ private data in CV format for job-seeking purposes safe on the internet.

The user signs up for free and receives a virtual voicemail number, as well as a disposable email alias. Resume Safe hides other sensitive details with the click of the button.

Because Resume Safe is a web app, users can build their CV online and then export it as a document or PDF if they want to, or invite someone to view it online.

Galvin is concerned with identity theft: “On their CV, people outline so much of their life in a one page document, even down to their hobbies and often the names and phone numbers of referees, so they are vulnerable to identity theft if the document falls into the wrong hands.”

In the past six months since the breach, where over 1.6 million CVs were leaked, job-seeking sites are becoming bigger targets for hackers.

“Due to a low barrier to entry in the job board industry, there are over 50,000 active job boards on the internet, and the vast majority of them do not have adequate security in place.

“Nobody can know that their data is safe if breach disclosure is not mandatory. We have no idea of how common these data breaches are.”

By Marie Boran