eFinancial Careers hacked

leave a comment »

I’d completely forgotten that I’d registered with eFinancial Careers until I got an email (see below) telling me that they’d been hacked and my personal data had been compromised. Under the circumstances, I can’t help wondering whether it might be a good idea to force companies to delete registered users’ accounts (and the attendant personal data) if the user fails to log in over an extended period of time.

Dear eFinancialCareers Member,This week, we detected illegal access of the eFinancialCareers database which compromised our users’ information. We believe that our registered users’ names, email addresses, registered countries and encrypted passwords have been accessed. At this time, our forensic teams have implemented countermeasures and continue to investigate.We are not immune from illegal attempts to access and extract information, as is the case with many organizations which maintain large information databases. Although we constantly review and improve our security features, unfortunately on this occasion, some information was taken, for which we offer our full apology.

Because email addresses were compromised, there is a possibility that you may receive unsolicited emails requesting further personal data, which could appear to come from eFinancialCareers. Please be on the alert for this type of email and inform us at help@efinancialcareers.com if you receive anything suspicious.

Helpful advice on how to protect yourself from email scams is available on the homepage of our website. To help you determine whether communications from us are genuine, below is a list of things we do not do:

  • We do not ask for your personal financial information in an email, and never ask for bank account or credit card information to be sent via email.
  • We do not send out emails with executable or compressed (zipped) files, or attachments other than PDF and Word documents.
  • We will never ask for your password via phone or email. (You will only be required to enter your password when logging onto eFinancialCareers.com).
  • We will never ask for your Social Security or National Insurance number.
  • Employer and recruiter enquiries from eFinancialCareers will never ask you to wire funds or accept payments for services.

As a precaution, the next time you access your eFinancialCareers account, you will be asked to reset your password.

We are taking this attack seriously and have already put security measures into place to prevent further loss of data. We will continue to review and improve our security features. We are sorry for any inconvenience this may cause you. Please do not hesitate to contact us to ask us any questions you may have relating to this security incident.

Sincerely,James Bennett
Managing Director
eFinancialCareers, EMEA & Asia PacificConstance Melrose
Managing Director
eFinancialCareers, North America

Written by jackgavigan

February 19, 2011 at 9:11 am

Posted in InfoSecurity

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: