Millions of people in 10 states are at risk of identity theft following a data breach at America’s JobLink Alliance.
Are you one of them?
The multi-state online portal links job seekers with employers. A hacker exploited a flaw at America’s JobLink Alliance (AJLA), based in Topeka, Kansas, that enabled access to the information of job seekers in 10 states that use the third-party vendor, including:
According to a statement released by the AJLA on March 22, 2017, job seekers’ names, Social Security numbers and dates of birth were exposed. The code misconfiguration has since been identified and eliminated (as of March 14), no longer posing a threat.
Vermont Governor Phil Scott held a press conference on March 23 at the State House, along with Labor Commissioner Lindsay Kurrie, and called the data breach “appalling,” according to this Vermont Business Magazine story. The story says that 180,000 or more Vermont Labor Department accounts could be affected.
It’s unclear at this time how many total records were compromised, though this Washington Times story cites it as being in the millions.
“The Illinois Department of Employment Security told the state General Assembly that approximately 1.4 million Illinois job seekers may have been compromised, while Delaware’s Department of Labor said upwards of 250,000 if its own residents may be affected, including individuals who registered online dating back to 2007,” according to the Washington Times story.
The Maine Department of Labor started using the services 9 months ago, and more than 12,000 Maine residents have utilized it since it started, according to this Portland Press Herald story.
So what exactly happened? The AJLA statement explains it like this:
“On February 20, 2017, a hacker created a job seeker account in an America’s JobLink (AJL) system. The hacker then exploited a misconfiguration in the application code to gain unauthorized access to certain information of other job seekers. This misconfiguration has since been eliminated.
“America’s Job Link Alliance–Technical Support (ALJA–TS) first noticed unusual activity in AJL via system error messages on March 12.”
They immediately “notified law enforcement, retained an independent forensic firm to investigate the cause and scope of the activity, and fixed the misconfiguration.”
Any profiles created prior to March 14, 2017 could have been affected, according to the statement.
“If you have a valid email address on file and your account was impacted by the incident, you will likely be notified by email within five to 10 business days from March 24, 2017,” according to the statement.
People with additional questions are encouraged to contact the AJLA Response Center at 844-469-3939, which “can also assist you with determining your eligibility for credit monitoring as part of this incident.”
Are you covered for identity theft?