The Guardian Jobs employment website contacted many of its users on Sunday October 25th detailing a damaging and deliberate hack of their systems by an unknown group. Thousands of users in the UK may have been affected, although according to official sources the US iteration of the site remains unaffected.
Guardian Jobs spokesman Charles Arthur expanded on the specifics later in the day. He and his colleagues were keen to emphasise that the breach was instigated purposefully and was not caused by an incidental failure in their security systems.
The attack appears to have been fairly limited, with a relatively small group of Guardian Jobs users receiving emails to advise them that their data may have been accessed. In most cases the only salient information stored on the site is a user’s CV, email address and a covering letter for prospective employers. Whilst this information is generally considered to be benign, Arthur urged those affected to contact the Credit Industry Fraud Avoidance System (CIFAS). By doing so, any fraudulent use of a user’s name or address can be quickly identified.
The separate US site, guardianjobs.com, remains unaffected. This is because it is operated independently by third parties and in no small part because the user information is stored on separate databases to those used by the UK site. The UK operator, Madgex, has already instigated enhanced security measures in order to block any future hack using the same method as the recent breach.
Based on the limited information that has been made available to date, it appears that Guardian Jobs is keen to spread the word that although the attack was serious in its nature, it has not exposed every user of their online employment service by any means. Over the next few days, a technology director working for the site claims that they will be able to determine the total number of users affected. This process will also involve purging any automatic, false and duplicate emails from their systems.
To outside observers the target of the hack is an enigma in itself. Since the Guardian Jobs website should not hold financial data relating to users and because the number of affected users appears to be limited, the true nature and intent of the hack may never come to light.