Hackers have obtained the personal details of scores of job applicants taken from the government's Universal Jobmatch website in a bid to highlight the site's vulnerability. The leaked data includes passwords, national insurance numbers and even scans of passports.
The Universal Jobmatch website was launched on 19 Nov and is accessed via the government portal gov.uk. It replaces the Jobcentre Plus website, which was exposed by Channel 4 News as being vulnerable to fraudsters in 2011. At the time the Department of Work and Pensions told us each advert would now be "checked for legal compliance" before going live.
The new site allows jobcentre staff to monitor the activity of jobseekers, checking what jobs have been applied for and suggesting new jobs. But there are no security checks performed on the people who post jobs, so our investigation was able to register as an employer in minutes.