According to an America’s JobLink Alliance (AJLA) press release, millions of job-seekers in at least 10 states may have had their sensitive information accessed by hackers. The incident allowed unauthorized access to the names, Social Security numbers, and dates of birth of persons in their database. The access occurred between Feb. 23 and March 14, 2017.
The 10 states that are impacted by this incident (so far) include: Alabama, Arkansas, Arizona, Delaware, Idaho, Illinois, Kansas, Maine, Oklahoma and Vermont.
The AJLA service is offered by the Department of Labor (DOL) and is managed by a third party. Kansas-based AJLA is used to coordinate federal unemployment and workforce development programs across the country.
According to FAQs on the AJLA press release: “On February 20, 2017, a hacker created a job seeker account in an America’s JobLink (AJL) system. The hacker then exploited a misconfiguration in the application code to gain unauthorized access to certain information of other job seekers. This misconfiguration has since been eliminated.
America’s Job Link Alliance-Technical Support (ALJA-TS) first noticed unusual activity in AJL via system error messages on March 12. AJLA-TS immediately notified law enforcement, retained an independent forensic firm to investigate the cause and scope of the activity, and fixed the misconfiguration.”
National and Local Coverage of Data Breach Incident
The coverage of this incident has been widespread and will likely grow much further. The diversity of how this story is reported is fascinating and an important aspect of this security incident that state and local technology and security professionals need to take note of. Here are some of the news headlines:
Washington Times: Millions of job seekers likely compromised by massive employment services breach — “The FBI has reportedly launched an investigation upon being notified this week of a recent breach suffered by America’s Job Link Alliance (AJLA), an online portal used to connect job seekers in several states with potential employers.
The portal was breached last month for the first time in its nearly 50-year history after an unauthorized party exploited a vulnerability in its online system, it said in a statement Wednesday.”
Burlington Free Press: Data Breach Could Affect thousands in Vt. — “Up to 180,000 Vermont accounts on a state vendor’s job search website may have been compromised in a data breach, Gov. Phil Scott announced Thursday, making the breach much larger than previously believed.”
Central Illinois Proud.com: Data beach affecting more than a million Illinoisans — “The Illinois Department of Employment Security says one of its vendors experienced a data breach, affecting approximately 1.4 million job seekers in Illinois.
The vendor says the vulnerability wasn’t a result of deficiency in software maintenance by the state, and 10 states may be impacted.”
WHNT.com: AJL offers free credit monitoring after data incident affecting Alabama job seekers — “A recent security breach of the America’s JobLink (AJL) system, an online job database, has possibly caused Alabamians’ personal information to be exposed. The site, www.joblink.alabama.gov, is maintained by America’s Job Link Alliance.
Now, AJL has established a call center to answer question from those affected. 1-844-469-3939 is the toll-free number, and you can call from 8…