As if the unemployed living in a state with the fourth highest unemployment rate need another worry, a recent security flaw in the CalJobs website has put millions of unemployed Californians at risk for identity theft.
An investigation by CBS5 uncovered a gaping hole that would allow third parties to access resumes and other personal information from CalJobs users. Douglas Tygar of UC Berkley’s computer science department found that by changing a few numbers in the CalJobs URL, he was able to access and change information on people’s resumes.
The security breach is particularly unsettling considering that a requirement for unemployment benefits in California is that applicants post a resume on CalJobs.
The breach is not the first attack on unemployment related websites. In January of this year, Monster.com reported a security breach, which compromised the personal information of numerous users. Fortunately, the attack did not target users’ resumes. Monster promised to address their security issues shortly after the attack, though the promise is suspect considering they were already the victim of a similar hack in August of 2007
San Francisco County has an unemployment rate 10.1 percent. With roughly 571,136 residents within the prime working ages of 18-65, that means that up to 57,000 unemployed San Franciscans could be at risk for identity fraud.
CalJobs told CBS5 in an email that they were “currently looking into the web site security concerns.”