Imagine this common scenario: you’ve been laid off and you need to register with the state to receive unemployment benefits. Part of the requirement today in California is to post your résumé to a state-run CalJobs website. An investigation into the security of that website has uncovered numerous security risks that could easily lead to identity theft for the hundreds of thousands of users.
Tom Diederich was just such a user of the CalJobs site. As part of his requirements to apply for state benefits, he dutifully posted his résumé to the CalJobs site. Then, he saved the page using his browser’s bookmarking feature. The next day, he revisited the page, only to see the résumé of a complete stranger. Further investigations by security experts have found that not only is it simple to pull up the résumés of strangers by tweaking the URL, but you can even edit the information on your screen. Imagine the opportunity not only for a cybercrook to steal your identity and reputation but also for malicious visitors to create havoc among legitimate job seekers by changing important information on their forms.
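A flaw of this kind, where the identifier in the URL alone decides which record is shown or edited, is closed by a server-side ownership check on every read and every write. The sketch below is an added example, not code from the CalJobs site; the record store, account names and function names are all hypothetical.

```python
# Added illustration; every name and record here is constructed.
from dataclasses import dataclass

class Forbidden(Exception):
    """Raised when the session user does not own the requested record."""

@dataclass
class Resume:
    owner: str  # account that created the record
    text: str

# Constructed sample data, keyed by the numeric id that appears in the URL.
RESUMES = {
    1001: Resume("alice", "Alice: 12 Oak St, 555-0100"),
    1002: Resume("bob", "Bob: 9 Elm Ave, 555-0199"),
}

def view_unchecked(resume_id):
    # Flawed pattern: the id from the URL is the only thing consulted.
    return RESUMES[resume_id].text

def _owned(session_user, resume_id):
    # Same error for "missing" and "not yours", so responses reveal nothing
    # about which ids exist.
    record = RESUMES.get(resume_id)
    if record is None or record.owner != session_user:
        raise Forbidden(resume_id)
    return record

def view(session_user, resume_id):
    # session_user comes from the authenticated session, never from the URL.
    return _owned(session_user, resume_id).text

def update(session_user, resume_id, new_text):
    # Writes go through the same ownership check as reads.
    _owned(session_user, resume_id).text = new_text

def audit(session_user, requested_ids):
    """Return the ids the session user was denied, for logging and alerting."""
    denied = []
    for rid in requested_ids:
        try:
            view(session_user, rid)
        except Forbidden:
            denied.append(rid)
    return denied
```

A run of denied ids from one session, as returned by `audit`, is the signal an operator would alert on.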
According to the news report, over 750,000 California residents have posted their résumés to the site. When you consider the rich treasure found in the average résumé (name, address, telephone numbers) and the volume of user data on the site, it is a highly attractive target for cybercriminals who prefer working from massive databases of stolen information. The security holes have been brought to the attention of the California state officials who manage the site, but it’s unclear whether or not users of the site have suffered losses as a result of the situation.