This is what Monster.com should have done after they were hacked

Written on August 23, 2007 – 9:30 am | by Jim Stroud |

In case you did not know, Monster.com was hacked yesterday; or rather, it was revealed that 1,000,000+ resumes were exploited by hackers yesterday. This is not a new problem, nor one that I see going away as identity theft is (unfortunately) pretty prevalent. I wondered how Monster.com would reply to the news on yesterday and was expecting… something. Unless I missed it yesterday, I did not see it. In my thinking, having 1,000,000 plus records exploited by hackers is a HUGE, HUGE, H-U-G-E deal and the PR spin should have been in 5th gear the moment it broke. I was quite busy yesterday, so (again) maybe I missed it.

So today I decide to pop over to their website to see what I can see, just for mere curiosity sake. And this is what I saw…

Monster was hacked

Hmm… nothing jumps out at me. And this I thought very strange. I scrolled down to the bottom and saw this…

Monster was hacked

Did anything jump out at you? No? Not to me either at first, but as I looked closer, I saw the “Truste” icon at the bottom of the page. That’s good, but is it new? (Somebody tell me? I do not use Monster in my sourcing efforts, so not sure.)

I also looked again and saw the “Security Notice” at the top of the page. It was so blended in to the color scheme that I did not immediately notice it. Bad… If I were a jobseeker with a resume on Monster, I would be concerned by this; especially as the news about Monster being hacked continues to proliferate throughout the blogosphere and news agencies. For all of us with short attention spans hearing about it later, the focus (I think) will be on the words MONSTER.COM and HACKED and then fear on some level will kick in. (Come to think of it, I might have an outdated resume on Monster. I will have to check.)

So I clicked the security notice and I saw some tips on spotting spam and fake ads which is good, but will the average jobseeker take the time to review it? I doubt it. The path of least resistance says I should just delete my records and check the job listings later. (I think your customers would be better served if those examples you have posted were presented as a flash presentation.)

I also saw tips on where to report fraud should I come across it. Okay, that’s nice as well. However, I am somewhat underwhelmed. Why? I think this says, “Whoops, I better cover my (you know)!” instead of what I (and I suspect others) would appreciate, a bit of transparency, an apology that (at least in all appearances) seems heartfelt and an action plan on how it will be prevented in the future.

In case I am going to fast for a certain someone, let me spell out what I would do if I were the Monster.com CEO on the day the “Monster.com was hacked” new stories first hit the fan.

1. Get the CEO to do a quick YouTube video (or Soapbox video) explaining what happenned, what was done to resolve the issue and a promise of an action plan to be presented on Monster.com.

2. Place the video on the homepage and upload it to every video sharing site I can find, then have all of my employees socially bookmark it on sites like Del.cio.us and Diigo.

3. Send an email to every job seeker in the database explaining what happenned and link to the video so they can see how sorry you are that this happened.

4. Scour the web for bloggers bashing you over this and leave a comment on EVERY post that you can find. Invite them all to contact you for further comments on the subject.

5. Create an action plan and post it like a Declaration of War against the evil doers who exploited your site. Offer a cash reward to people who give information that results in the apprehension of the misdeed. For that matter, make the “Monster Career Advice Blog” apology central and thereby get two for the price of one. 1) Convey your desire to keep your job seeker customers and 2) Drive traffic to your blog.

6. After a month has passed (and the hoopla is forgotten), measure your volume of jobseekers still in your database. Trumpet to your clients that despite the faux pas, we still have a bazillion resumes and want to continue giving you good love.

7. Form a coalition with other career sites to meet periodically to combat this scourge that has hit Monster.com today, but will most assuredly hit one of the competitors tomorrow. Shout to the mountain tops that Monster.com is taking a leadership position in this because we are mad as H-E-(double hockey sticks) and are not taking it anymore!!! (Also take the opportunity to flaunt that your efforts are seemingly dwarfing the efforts of other career sites. After all, who else has the guts to take the offensive on this in such a public way?)

Of course, that’s just my two cents worth of advice. I know people better than me, they should ask.

-Jim Stroud

Related Posts

Related Posts

Put your related posts code here

  1. 13 Responses to “This is what Monster.com should have done after they were hacked”

  2. By Stef on Aug 23, 2007 | Reply

    Hi Jim,

    I am siding with you on that one. I’m thinking these 7 steps of advice are the least Monster CEO could do to calm the company “fans” and show some sense of control over the situation to Monster clients and candidates.

    I think a corporate crisis management course should do the job next time :))

    Stef

  3. By sherry heyl on Aug 23, 2007 | Reply

    thanks for the plug!

  4. By David B. Wright on Aug 24, 2007 | Reply

    Jim,

    Excellent recommendations. Any company should know that in a crisis situation, particularly a public one that impacts so many of their customers, it’s better to over-communicate than to keep things mysterious.

    Sure, resumes are posted with the expectation of being made publicly available, so this may not be quite as sensitive or potentially damaging as credit card information or social security numbers. Still, any company that collects customer data has a responsibility to keep that data secure and to take the appropriate actions should any of the data be compromised.

    I wonder if Monster now has an opening for Chief Security Officer? Or a spin doctor like Robert DeNiro’s character in Wag the Dog?

    Keep up the great work!

    Cheers

    David B. Wright
    Author, Get A Job! Your Guide to Making Successful Career Moves
    http://www.TheGetAJobBook.com

  5. By Danny on Sep 3, 2007 | Reply

    I agree, with your tactics and they would grealy soften the effect of the BAD PR.

  6. By Dawn Turner on Sep 5, 2007 | Reply

    I think what happened to Monster helps boost the number of phone calls that recruiters will get from job candidates. Make a phone call and avoid the data security problems all together! :) That’s my story and I’m sticking to it! Good advice to Monster, Jim!

  1. 8 Trackback(s)

  2. Aug 23, 2007: This is what Monster.com should have done after they were hacked (Part 2) « JimStroud.com
  3. Aug 27, 2007: Monster Resume Database Breach, Lebenslaufdatenbank Datenklau, CVtheque, Infostealer.Monstres
  4. Aug 27, 2007: Jim Stroud Has Good Advice For Monster » article » Diggings
  5. Sep 1, 2007: Monsterboard kan toch praten! | Recruitingfacts.nl
  6. Sep 5, 2007: PODCAST - The Recruiters Lounge - Monster, Recessions and Alcohol-free interviews « JimStroud.com
  7. Oct 9, 2007: Recruiting Watch - Today Top Blog Posts on Recruiting - Powered by SocialRank
  8. Nov 18, 2007: Monsterboard kan toch praten! | Recruitment Matters
  9. Nov 30, 2007: De wekelijkse leesmap | RecruitmentMatters

Post a Comment

What is "The Recruiters Lounge?"

The Recruiters Lounge is a blog that explores the wacky world of employment with articles, podcasts, comics, videos and more. It is written by Jim Stroud (and friends). Click here for more information

Want to subscribe?

 Subscribe in a reader Or, subscribe via email:

Enter your Email, then hit the Subscribe me button