A security analyst has warned HR directors they are “under threat” from computer hackers hunting for employee data, after unearthing a huge operation.
Anti-virus software giant McAfee discovered a scam targeting users of global recruitment website Monster.com, less than a year after 1.3 million users’ data was stolen from the site.
In the most recent attack, e-mails asking Monster users to click through and update their profile were in fact sending information to a computer in Turkey.
McAfee security analyst Greg Day said attackers were also targeting HR chiefs for specific files, which can hold data such as banking or hospital records.
“We’re seeing scammers particularly targeting HR directors because they have the highest security clearance and access to vast amounts of information,” Day told Personnel Today. “Criminals aren’t stupid, so if they’re looking for this information, they’ll do their research before they instigate their attack.
“The scope of the threat is very broad. The simple fact is, if someone wants information, and you have it, you’re very much a target,” he said.
Amendments made to the Data Protection Act earlier this year mean employers are now liable for the loss of data, whether through so-called phishing scams, internal staff theft, or human error.
“Research shows data leaks from businesses through human error more than purposeful breaches, and HR departments will have to focus just as much on keeping bad people out, and keeping good information in.”