The theft of personal information from some 1.3 million users of the Monster.com job search service first revealed two weeks ago was not a one-time attack, the company's CEO said Wednesday.
"The Company has determined that this incident is not the first time Monster's database has been the target of criminal activity," Sal Iannuzzi, the chairman and CEO of Monster Worldwide, said in a statement.
In an interview with Reuters, Iannuzzi also acknowledged that the most recent breach may have been substantially larger than the 1.3 million users the company said earlier had been affected.
"It could easily be in the millions," Iannuzzi told Reuters. He did not spell out when other attacks had taken place or even how many might have breached the company's security.
Iannuzzi was divulging the prior attacks, he said, to give all Monster.com users fair warning. "Due to the significant amount of uncertainty in determining which individual job seekers may have been impacted, Monster felt that it was in your best interest to take the precautionary steps of reaching out to all Monster job seekers regarding this issue."
A second statement released by the company Wednesday reiterated its inability to tell users whether their information had been compromised. "Despite ongoing analysis, the scope of this illegal activity is impossible to pinpoint," the company said.
On 17 August, Symantec security analyst Amado Hidalgo told Monster that he'd found the names, email addresses, home addresses, phone numbers and resume identification numbers representing more than a million of its users on a hacker-controlled server hosted in Ukraine. Hidalgo theorised - and several days later, Monster confirmed - that the data had been retrieved using legitimate log-on credentials stolen from recruiters and human resource personnel with corporate Monster.com accounts.