Personal details belonging to as many as 4.5 million job seekers have been stolen after hackers targeted recruitment site Monster.co.uk, according to the Times.
The recruitment website revealed that names, passwords, telephone numbers, email addresses and birth dates, were among the information stolen, but it declined to reveal just how many users were affected. It is urging site users to change their passwords immediately.
However, the Times reported that the breach impacted 4.5 million people, making it the largest data theft in Britain since HM Revenue and Customs lost the details of 25 million child benefit recipients in 2007. .
Security analysts warn that these details could be used by cyber criminals to open bank accounts and credit cards.
Gartner research vice president Jay Heiser said the fears that every Monster account holder will have their bank details attacked is an "exaggeration" and the information at Monster.co.uk alone is not sufficient to attack bank accounts.
"The criminal community is hoovering up large amounts of personal info and correlating it, functioning as a sort of underground information bureau," said Heiser. "The fact that most people do use the same password on multiple sites means that if passwords were stolen from Monster (which could only happen if Monster used a very primitive and ill-conceived design), it is possible for that password information from Monster to be made available to attackers, along with information from other sources, in support of attacks against bank accounts."
"The bottom line is that active internet users should have unique passwords for all sensitive sites. The unfortunate fact is that you need a unique password for every critical site, so you need to manage these valuable passwords, which probably means keeping them in an encrypted application."
The Monster breach should also serve a lesson for businesses that software as a service (SaaS) should not be trusted as "safe".
"This should also serve as an example for businesses about putting their fate into the hands of other people. Externally-provisioned products are becoming increasingly popular for business, too, and for good reason. If what you need to do involves information that you can’t afford to lose, or you don’t want stolen, then you need to be given evidence by the service provider that they are taking security into account," he said.
IT security company Sophos claims that four out of ten people use the same password to access multiple websites. This means that criminals behind the data theft could gain access to banking and email accounts.
The Information Commissioner's Office is thought to be investigating the security breach.