Hackers are believed to have stolen the personal details of millions of people using the online job site Monster.
Users around the world have been affected, including the 4.5 million users of the UK site.
If all are affected it would make it the biggest data theft in the UK since the details of 25 million child benefit claimants went missing last year.
The recruitment giant has advised people to change their passwords and be on the lookout for phishing e-mails.
Recruitment sites have proved rich pickings for criminally-minded hackers in the past and it is not the first time Monster has fallen foul of cyber thieves.
In 2007, 1.3 million details were downloaded to servers based in Ukraine.
Phishing danger
Last year the details of 1.6 million jobseekers was stolen and followed by sustained phishing attacks, where people are fooled into installing malware via links in emails.
Monster first revealed that its database had been attacked again on 23 January but has remained tight-lipped about the scale of the attack.
"We recently learned our database was illegally accessed and certain contact and account data were taken," said Monster senior vice president Patrick Manzo in a statement.
He went on to admit that hackers had stolen user names, passwords, telephone numbers and e-mail addresses, alongside demographic data, birth dates, gender and ethnicity.
CVs had not been accessed, he said.
The statement warned people to be on the look-out for phishing e-mails built around the details surrendered to Monster.
"Monster will never send an unsolicited e-mail asking you to confirm your username and password, nor will Monster ask you to download any software tool or access agreement in order to use your Monster account," it read.
Graham Cluley, a senior consultant with security firm Sophos, said hackers armed with details from Monster accounts, could target other online information.
"It is surprising just how many people use the same password for a variety of sites. They need to change all passwords that are the same as that for their Monster login," he said.
[source: http://news.bbc.co.uk/1/hi/technology/7853251.stm]
Job seekers have been warned to be particularly careful when sending their CVs to employers' websites or online recruitment agencies.
An experiment involving a fake website lured 107 people into submitting their CVs, full of personal information that could have led to identity theft.
Of the CVs, 61 contained enough information to apply for a credit card.
The experiment was staged during the recent national identity fraud prevention week earlier in October.
It involved a CV company called iProfile, with the backing of the Police and the Information Assurance Advisory Council (IAAC), setting up a website for a bogus company called Denis Atlas.
The fake firm placed an advert in a national newspaper for a job as an office manager, inviting people to apply by sending in their CVs to the website.
Although 107 people did so, a quick search of the website would have shown that it was in fact a fake operation.
Personal details
"Many people are happy to send their CVs 'blind' without thinking about the consequences if their information fell into the wrong hands," said Neil Fisher of IAAC.
The CVs that were submitted contained an average of eight different pieces of information that might have been useful to an identity fraudster.
The most common ones were full address and date of birth. One application included both a passport and national insurance number.
"We advise everyone not to post personal details on the internet which could collectively be used to clone your identity," said Det Supt Russell Day of the Metropolitan Police.
The most useful items of information for criminals, which should be omitted from an online CV, are date of birth, marital status, and place of birth, according to iProfile.
[http://news.bbc.co.uk/go/pr/fr/-/2/hi/business/7680091.stm]
