Handshake security breach affects thousands of university students
Handshake, the university’s job search platform, experienced a security incident last week that directly affected over 8,000 students and alumni.
On Feb. 13, a number of students received a security alert from the university’s Career Center that an unknown party posing as a company on Handshake accessed student resumes. Resumes of 4,003 students and 4,026 alumni that were public on the website were downloaded by the unauthorized party according to Nathan Elton, director of the Career Center.
“We were surprised and deeply disappointed to learn that a public resume download of this magnitude was possible within Handshake’s system, and incredibly sorry for any impact it would have on our students and alumni,” Elton stated in an email.
Resumes frequently include personally identifiable information such as full names, home addresses, phone numbers, educational credentials and past work history.
Elton noted that the default setting for resumes uploaded to Handshake is set to private, with students or alumni having to “opt-in” to make resumes public to employers. While managing documents on the Handshake platform, checking a box that is marked “visible” or accepting a prompt to “feature on profile” effectively makes the document accessible to employers who have registered on the platform.
Potential employers looking to join Handshake are vetted through the platform’s “Employer Relations Team” and the university’s Career Center in a vigorous and multi-step process, Elton stated. Some factors that they evaluate are the employers’ contact information, business license or 501(c)(3) nonprofit status and employer reviews. Last year, the Career Center reviewed almost 7,000 employers with a decline rate of 51%.
Even with these safeguards, the past few years have seen a number of internship scams from fraudulent companies recruiting through Handshake.
“It is important to stay vigilant in researching jobs and any unsolicited contacts. Furthermore, we encourage students to contact us if they have any suspicions about an employer or job posting on Handshake, or if they ever need assistance vetting any employment opportunity that they are considering,” Elton stated in an email.