The breach affected approximately eight percent of the two million USAJobs.gov users, OPM announced in a news release on Wednesday.
Monster administrates the USAJobs.gov website for OPM, the agency in charge of the civil service.
Information breached in the attack includes names, email addresses and telephone numbers. No Social Security numbers were compromised, according to OPM.
The breach was part of a multi-layered attack on Monster, in which hackers used credentials to access the site, then spread a trojan to capture names, email addresses and telephone numbers of job seekers.
That stolen information was used to deliver spear phishing emails to job seekers, requesting financial details or recruiting individuals to join the scam.
Experts have told SCMagazine.com that such multi-layered attacks will become more common in the future.
OPM published a security notice on USAJobs.gov and reminded users that they will not be asked to provide personal information in unsolicited emails.
Users of the website who receive phishing emails should report them to
mayday@fedjobs.gov, according to OPM.
OPM is sending letters to all affected subscribers.
OPM spokesman Peter Graves told SCMagazine.com that the agency should complete email notification of all 2 million users today.
Monster officials said this week that they’re beefing up security measures in response to the recent data theft that exposed the personal information of 1.3 million subscribers.