America’s JobLink Alliance (AJLA) reported a data breach exposed the sensitive information of job-seekers in at least 10 states. Hackers were able to gain unauthorized access to the names, Social Security numbers, and birth dates of millions of job seekers in their database. According to AJLA the breach occurred between Feb. 23 and March 14, 2017. The breach affects job seekers in the following 10 states Alabama, Arkansas, Arizona, Delaware, Idaho, Illinois, Kansas, Maine, Oklahoma and Vermont. According to the Idaho Department of Labor, as many as 4.8 million accounts may have been compromised nationwide.
The U.S. Department of Labor (DOL) provides the Kansas based AJLA to the states but the service is mangaged by a third party. AJLA is used to coordinate federal unemployment and workforce development programs across the country.
AJLA reported that on February 20 a hacker created a new account, then atacked a previously unknown a vulnerability to gain access to job seekers’ information. AJLA technical support said in a statement that it first noticed unusual activity on March 12th, and confirmed the breach on March 21st.
The organization is working with law enforcement and contracted a forensic firm to identify what accounts were affected. “The firm has verified that the method of the hacker’s attack has been remediated and is no longer a threat to the AJLA-TS system,” AJLA stated.
The DOL is sending direct notification, via email or regular mail, to all customers whose accounts may have been compromised. The AJLA has also set up a toll-free phone number to call for information; 844-469-3939.