THE RECRUITMENT website Jobs.ie did not meet requirements of the Data Protection Act when its site was hacked recently and CVs downloaded, the Office of the Data Protection Commissioner said yesterday. However, it found that the website responded to the breach "in an exemplary fashion".

"Throughout the process, Jobs.ie co-operated completely with the conduct of this investigation and has supplied all relevant information and records sought," the commissioner, Billy Hawkes, said.

On March 27th, Jobs.ie, owned by telecoms entrepreneur Denis O'Brien, discovered and fixed a security breach which had resulted in the illegal downloading of jobseekers' personal details.

CVs submitted by applicants were downloaded in bulk through a non-Irish web address using a log-in provided to employers who advertise on the site.

The attack on Jobs.ie is the subject of an ongoing investigation by the Garda. The commissioner said Jobs.ie should be "commended for its actions, on its own initiative, in making immediate contact with all persons affected by the illegal access that took place".

According to people familiar with the online recruitment industry, another Irish website had a similar breach last year. However, it never informed the jobseekers whose CVs were downloaded or the Data Protection Commissioner.

Criminals are increasingly interested in using personal data to carry out identity theft.

Last month, it emerged that four Bank of Ireland laptops were stolen last year, which contained information on 10,000 customers.

The Data Protection Commission found that Jobs.ie failed in two regards. It did not have an appropriate level of security in place to protect the personal data, and it held personal data for longer than was necessary for the purpose for which it was provided (that is, finding a job).

Jobs.ie has subsequently put in place additional security measures which it claims will "prevent any repetition of the incident".