Monster waited to disclose data breach

Monster.com waited five days to tell users its system had been hacked, in a security breach that resulted in the theft of confidential information for more than a million users, a company executive told Reuters yesterday.

By the time the job-matching website shut down the illegal operation, run from two server computers at a Web-hosting company in Ukraine, the names and confidential contact information of some 1.3 million job seekers had been stolen, Patrick Manzo, vice president of compliance and fraud prevention for Monster Worldwide Inc., said in a phone interview.

Monster, a New York company whose US operations are based in Maynard, first learned of the problem on Aug. 17, when investigators with Internet security company Symantec Corp. told Monster that it was under attack, Manzo said.

"In terms of figuring out what the issue was, that was a relatively quick process," he said. "The other issue is you want to make sure exactly what you are dealing with."

His security team spent the weekend investigating, located the rogue servers, and got the Web-hosting company to shut them down some time either late in the evening on Monday or early in the morning on Tuesday, he said.

The company said it would warn each of the 1.3 million people whose data was compromised of the problem by mail, according to the Los Angeles Times.

"We think it's the right thing to do," Manzo. "We're concerned with making sure our customers understand we have their best interest at heart."

Monster first told its customers about the data loss on Wednesday in a notice posted on its home page.

The New York Times Co., parent company of The Boston Globe, has an alliance with Monster Worldwide Inc. to sell help-wanted advertising.