Millions of jobseekers from 10 states may have had personal data, including Social Security numbers and birth dates, stolen by hackers.
America’s JobLink Alliance, which manages a multi-state job board network, announced last week that from February 23 to March 14 of this year, a hacker compromised the accounts of possibly as many as 4.8 million jobseekers. In Illinois alone some 1.4 million accounts were accessed, that state’s Department of Employment Security reported.
Each of the 10 separately branded state job boards involved in the data breach are managed by American’s Job Link Alliance–Technical Support (AJLA–TS), a vendor based in Topeka, KS. The service is offered through the U.S. Department of Labor and is used to match employers and employees, as well as to coordinate placement efforts through workforce development programs.
The states affected by the breach are Alabama, Arkansas, Arizona, Delaware, Idaho, Illinois, Kansas, Maine, Oklahoma, and Vermont.
The AJLA claims that, on February 20, 2017, a hacker used a newly-created job seeker account in AJLA’s system to illegally access the details of various job seekers. The hacker exploited a flaw in the application code’s configuration, which the company has since resolved.
The breach is being investigated by the FBI. AJLA-TS said it has also retained an independent forensic firm to investigate the cause and scope of the activity.
A call center was created by AJLA so people affected could get answers about the incident. From 8 a.m. to 8 p.m. CST, Monday thru Friday, users may call 1-844-469-3939 toll-free or email AJLAincidentresponse@AJLA.net for customer service.
AJLA is also offering free credit monitoring services for those affected. Those being helped will receive an activation code in an email from AJLA in order to access the solution. The email should come in the following week and will include detailed instructions about how to access the services.