The website stored social security numbers for 65,000 current and former employees and resume information of people who had received job offers from the company.
Aetna officials learned of the breach in early May after receiving complaints from applicants who received phony emails that told them they has a job offer or asked for personal information like addresses and telephone numbers.
The job application website, which was maintained by an outside vendor, was immediately shut down. The insurer posted a warning on its main website last week and sent letters offering free credit monitoring to those affected.
Aetna has hired an outside company to investigate the breach.