Too Much Information

UPDATE  5/24/2023   I saw this banner on the Blackbaud career page and I thought it was worth sharing.. it covers everything I talked about below.

Original Post:

So a recruiter contacts you about an exciting opportunity and wants to present you as a candidate and asks for your updated resume.  This is pretty normal, God only knows what resume they found that initiated contact and if you're actively looking for work, you want the best one going to the client.

But then they want:

• Date of Birth

• Full Legal Name

• Social Security Number

• Copy of your Photo ID

At this point if you work in Cyber Security your alarm bells should be going off.  If not, you should probably find new work because you're 100% going to be the guy who clicks the link, runs the malware, or hands out the password in an email that brings your company down.  You simply don't have the instincts for it.

This recruiter may be 100% legit.. but this is inappropriate.  Even if he's actually submitting this (most likely in unencrypted email) to the actual client:

• The client has now become the custodian of your sensitive PII, as is the recruiter, with ALL of the legal responsibilities for safeguarding the data that accrue.

• The client is likely to purge resumes containing sensitive PII to protect themselves from being said custodian, meaning your resume ends up in the trash anyway.

• No privacy policy has been disclosed.

• You have no idea what safeguards will be in place.. apparently ZERO as they want you to email it to them IN THE CLEAR!

• When they get breached, or a recruiter walks out the door with 1000 applicants data on a thumb drive and sells it on the Darknet, you are almost guaranteed NOT to get a breach notification.

• By demonstrating ZERO cyber security awareness, the client should immediately ban this recruiter from submitting applicants.

• The potential for misuse of your sensitive PII is enormous

• If in Europe, some GDPR laws could be broken

I spoke with a friend who owns a company that does government contracting and regularly gets approached by recruiters with candidates about this.  He said absolutely not!  They neither want nor solicit this sensitive PII from recruiters.  IF you are hired, then the I9 verification kicks in as part of your onboarding, ONLY THEN do they want it.

So, then why does the recruiter need this information if the clients don't want it?  They say the client requires it, but that's unlikely, so why?  That should be the $10k question you're asking.  With all the legitimate recruiters out there, don't walk.. RUN away from these guys.

ROGUE'S GALLERY

West Advanced Technologies, Inc www.wati.com LINKED IN  

"Our acclaimed practices in Cybersecurity, Data & Analytics, Project & Program Management, and Consulting are each led by experts with mature delivery frameworks and developing steadily growing team of certified & experienced consultants."

-------------------------- sent from their recruiter ---------------------------------------------------------------

Details needed to submit to the client:

Rate:

Full Name:

Email ID:

Phone Number:

Availability:

Current Location:

Visa Status:

Last 4 digits of SSN:

Bridgewater Consulting Group, Inc. www.bridgewcg.com

Remember, this information is to present you to a client.. and they repeatedly insisted they MUST have this information.

Please check the details and let me know If any changes required:  

Full Legal Name                  :      

Phone Number                          :     

Email Address                    :      

Work Authorization               :       

Current Location                  :      

Available to Start/Notice             :     

Interview Availability              :     

Best time to call                    :    

SSN Last 4 Digits                   :      

DOB (MM/DD)                           :    

And the company claims to be in CA:

Bridgewater Consulting Group, Inc. - MBE  

18881 Von Karman Avenue, Suite 1450 

Irvine CA, 92612 

C: 949-539-8966 

But their business number is the cell phone of Long Hoang Nguyen in Indiana.

Cynet Systems https://www.cynetsystems.com/ LINKEDIN  

When they sent this requirement I questioned why they needed a copy of my ID just to present my resume to a customer and they disconnected from me on Linked In.  Not scammy behavior at all.

Please provide below details:-

·  Legal Name (as appears on your ID):

·  Cell Number / Home Number:

·  Email id (personal and official):

·  Work Authorization:

·  Current Location:

·  LinkedIn ID:

·  Skype ID( Mandatory )

·  Availability to Start on a new Assignment:

·  If not Local: Willing to relocate/travel at your own expense:  N/A or YES / NO :

·   Provide me with your Photo ID :

·  Best time to reach you :