CCSU Data Breach Is A Good Case For Reforming Online Job Apps

Central Connecticut State University is in both the news and the hot seat this evening after a data breach exposed and possibly compromised over 18,000 folks’ Social Security numbers.

http://www.nbcconnecticut.com/news/local/Data-Breach-at-CCSU-Exposes-Social-Security-Numbers-139471473.html

This caught my eye because what do colleges and employers have in common?  Lots of applications, and these days, probably online applications too.  I’ve been reading various articles on the Glassdoor Blog and other sites about how online job searches should be more tightly regulated and companies should be banned from certain practices that are common with online apps these days, such as requiring a Social Security number on an initial application before you even get an interview.  That absolutely makes sense.  I wouldn’t be surprised if there were cyber-criminals out there actually targeting HR application systems with how awful the economy has been.  When minimum wage McJobs can get hundreds of applicants and people are referring to online job postings as “The Black Hole Of The Internet” because of how abysmal the results of applying for jobs online can be (at least for the unemployed person trying to find a way to not end up broke on the street), corporate IT admins might as well paint a big red bullseye on every online app system out there.

Imagine this:  XYZ Company has an online app server, and it’s not high on IT’s priority list maintenance-wise because after all it’s not very mission-critical compared to other servers that run the day-to-day operations of a company, so if tough decisions have to be made, everything gets lax on the server where most of the data isn’t from customers or employees and could even be in a DMZ on the network because of the massive amount of external data it receives.  :-\  Yeah.  Ugly scenario.  Further complicating things are the points that Liz Ryan brought up in this awesome article on the Glassdoor Blog.

http://www.glassdoor.com/blog/talented-people-hired/

Yes, that’s right.  This would be one reason why I’ve royally backed off on online applications and have mostly focused on print ads and temp agencies to find another job in this area.

“I tell job seekers that applying for jobs online at Monster and CareerBuilder is less reliable, outcome-wise, than playing the lottery. At least the state lottery is legally bound to give someone the prize. Corporations aren’t legally required to give someone the job. They aren’t even legally required to HAVE a job opening, when they run an ad online. “

In this (and many other articles she’s contributed to that site) she hits it completely out of the park.  I’ve heard of that practice before where companies put up fake job openings just to queue resumes, because after all one of the jobs of an HR team is to make sure a facility is understaffed as little as possible (at least according to the operations manager’s numbers and metrics that determine what staffing level the facility will want to run with), and one of the ways you do that is by having a waiting list going so you ALWAYS have replacements available for a position if someone quits or gets fired.  I’m surprised some “regulate-everything-all-over-the-place” politician hasn’t tried to ban these kinds of practices, or did they and lobbyists gave them a little bit of shut up money?  😉

Either way, with these kinds of shenanigans going on, plus apps wanting you to utterly bare your soul in their “vintage 1999 online application form” as Liz cleverly puts it with all fields flagged as mandatory including SSN, and all those SSNs typed in by desperate job hunters, why wouldn’t an online job app system be a HUGE target to nefarious types who’d want lots of SSNs to abuse.  Yet, would it even be news if most of the data was from job applicants and not people currently at whatever site got hacked?  Of course this assumes anyone even tips off the Media in the first place, to say nothing of times where this happens and nobody reports it.  With these kinds of risks I can’t say I’m surprised when I find out identity theft is all over the place these days.  :-\

I once read something online where a retrogamer who collects old systems blamed the whole YouTube retrogaming community on gaming AND non-gaming nostalgia, that the 80s and 90s were happier times than the mess we deal with right now, so not every person seeking out and restoring old systems and games while making YouTube videos about them is just some old gamer looking to bring back the good old days.  With this Orwellian nonsense alongside the Social Media stuff I’ve been doing RadioStyle videos about, can you really blame anyone if they seem to be living in the last millennium instead of this one?  :-\

Links:

For More Liz Ryan Articles On Glassdoor.com visit http://www.glassdoor.com/blog/author/liz/

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s