UK firms should be forced to admit data security breaches
Companies should be forced to admit security breaches when hackers steal sensitive information, according to one legal expert.
Ross Patel, a director of Burtons Digital, a division of law firm Burton Copeland, told Recruiter that legislation should be introduced in the UK to force organisations to admit security breaches to the police and to those who have been victims of the theft.
Patel was speaking to Recruiter following the theft of information at Monster in the US, where a software program was used to steal about 1.6m users' entries on the employers' section of the site.
"Are we looking at the tip of the iceberg here?" Patel asked. "There is a strong argument to suggest that this is happening a lot more, because companies don't like to admit breaches — client confidence is a fickle thing."
Although there is such a law in the US, there is nothing on the books over here. Those who handle sensitive information are merely required to register with the Information Commissioner's Office, which is responsible for regulating and enforcing laws relating to sensitive information.
"I would like to see some responsibility placed on those who handle personal information to reveal breaches," added Patel. "Currently when it happens, there is no obligation to tell anyone about it."
Data protection specialist Cyber-Ark contends that the hack might just be the start of possible problems for Monster.
Calum Macleod, the European director for Cyber-Ark, said that the hackers may use the personal details of Monster members to commit identity theft crimes, which could lead to a number of lawsuits board.
Macleod suggests a solution to avoid history repeating itself. "Modern encryption and digital vaulting techniques mean that personal information uploaded to a site such as Monster.com need only be decrypted when the database is interrogated."
Monster protection
As Recruiter went to press, Monster Worldwide revealed that it was working on plans to deal with future security threats. A spokesperson for Monster in the UK told Recruiter that it would be included in these universal plans.
In a statement, Monster said: "Protecting our users from malicious activity is one of Monster's top priorities. The company is committed to utilising all of its available resources to remedy the situation and to protect the data provided to us by jobseekers. We value these relationships and the trust that employers and jobseekers place in Monster. We will continue to share information and updates on this situation as available."
The job board is also contacting jobseekers affected by the security breach about precautionary steps to protect themselves from any fraudulent emails claiming to be from Monster and asking for personal details.
