Washington, D.C. - The U.S. Office of Personnel Management (OPM) today announced that OPM and Monster Worldwide (technology provider for USAJOBS.gov) are investigating the use of malicious software to gain unauthorized access to the Monster.com resume database. The contact information, consisting of names, e-mail addresses, and telephone numbers, has been used by "phishing e-mailers" in an attempt to collect sensitive information from job seekers. Monster has assured OPM that no Social Security Numbers were compromised.

Access to the data was obtained through the use of a private sector Monster customer's computer using legitimate employer credentials. Fortunately, OPM information security officials and Monster Worldwide isolated the problem early. Monster has informed us only 146,000 subscribers to USAJOBS.gov - out of two million subscribers - were affected in this incident, less than eight percent. Monster Worldwide has already identified and shut down the rogue server that was accessing and collecting the information. OPM is working with Monster Worldwide to implement a long-term remedy to protect data.

The most likely use for this kind of information is to send counterfeit "phishing" e-mails to targeted populations requesting further disclosure of information.

OPM and Monster Worldwide wish to remind users that they will never be asked to provide personal information via unsolicited e-mail and have provided guidance on identifying and reporting unscrupulous e-mail messages. Users who do receive such e-mail should report it immediately to Mayday@fedjobs.gov.

OPM has posted a notice on USAJOBS.gov and is sending warning letters to all subscribers to alert them of counterfeit phishing e-mails.

Detailed guidance is available at http://www.usajobs.gov/SecurityNotice.asp