America’s JobLink, a web-based system that connects job seekers and employers, revealed its systems were breached by a hacker who exploited a misconfiguration in the application code. The criminal was able to gain access to the personal information of job seekers, including full names, birth dates, and Social Security numbers. Activity was uncovered in the ten states that use the America’s JobLink system: Alabama, Arkansas, Arizona, Delaware, Idaho, Illinois, Kansas, Maine, Oklahoma, and Vermont.
In a press release, America’s JobLink said it first noticed unusual activity on March 12, 2017. Law enforcement was immediately notified and an independent forensic firm was hired to investigate the cause and scope. On March 14, the code misconfiguration was discovered and eliminated; the company says the code misconfiguration was introduced into the system in October 2016. Anyone who had an account with America’s JobLink before March 14, 2017 may have been affected and had their personal information compromised.
As for why it took America’s JobLink nine days to announce the breach, the company said it needed to first identify the misconfiguration through a review of a significant amount of data, and then eliminate it from the system. It wanted to be sure the hacker did access the information of individuals before an announcement was made that could potentially alarm the public.
It’s been reported that a total of 4.8 million accounts within the America’s JobLink system could have been stolen, but some local news sources in the affected states have supplied state-specific numbers:
Currently, there’s no evidence any job seekers have had their information used fraudulently. However, if you were impacted by this breach, America’s JobLink says you will likely be notified by email within 5 to 10 business days from March 24, 2017. In the meantime, you may want to consider a credit freeze, keeping an eye on your credit report and financial statements, and investing in 24/7 identity theft protection.