1. Is this a new type of cybersecurity attack?
No, this is not a new type of cybersecurity attack. The cause of this incident was a vulnerability within the itviec.com application.
2. How many and what type of user accounts are affected?
We recognized fewer than 5 user accounts that were affected by this incident. There is no common pattern or type of user account.
3. I am an Employer User, will my account also be affected?
No, we do not recognize any incidents affecting employer accounts as a result of this incident, during the incident period and after the root cause has been identified and resolved.
4. If my account was disclosed to another user, what are the risks to me? What are the acts that the other user can perform on my account?
If your ITviec account was disclosed to another user, they may be able to:
- Edit your profile
- See your application histories
- Apply to jobs on your behalf
However, your password would not be disclosed to the other user, as the ITviec system does not show your current password.
5. What should I do when I recognize that I am accidentally accessing in another user’s account?
The ITviec team believes that no user will experience the same issue in the future. But if you observe unusual behavior in your account on itviec.com, please notify us via:
- Send an email to [email protected]
- Or send messages to the inbox of our Facebook Fan Page
Please help us keep track of the issue you encountered by giving us a timeline log description and screenshots (if possible). Our representative will respond within the next 72 hours.
6. What is the process for deleting my account and all associated data?
We understand that you may want to delete your account for a variety of reasons. We respect your decision and want to make the process as easy as possible for you. If privacy concerns led to this decision, please contact us via [email protected] or send inbox message to ITviec Facebook Fan Page for assistance. If not, please access this link for instruction to delete your account.
Your account and all associated data will be deleted within the next 72 hours from the time you complete the steps as our instruction in the link above.
7. When do you recognize the incident?
We recognized the latest case at the end of July 2023. We had received similar inquiries before, but at that time, we believed that we had already addressed the issue and implemented some enhancements on our system. However, when the issue was raised again, we realized that our escalation flow and system needed to be more well-structured. We have since updated our guidelines to detect possible incidents as soon as possible, and to successfully identify the root cause and resolve it.
8. Why does it take almost 3 months to disclose it?
We spent a considerable amount of time investigating to identify the root cause of the incident and to ensure that our communication plan was compliant with all applicable laws and regulations.