America’s JobLink Alliance Data Breach Investigation (10 States Affected)

Date12 Mar 2018

Comment0

CategoriesConsumer Protection, Employment & Technology Archive

Investigation of the America’s JobLink Alliance Data Breach Continues

Kehoe Law Firm, P.C. continues its investigation of America’s JobLink Alliance (“AJLA or “AJL”), “a multi-state web-based system that links job seekers with employers,” which announced on March 22, 2017 that it was “the victim of a hacking incident from an outside source.”

America’s JobLink stated that on March 21, 2017, “[America’s Job Link Alliance-Technical Support] confirmed that a malicious third party ‘hacker’ exploited a vulnerability in the AJL application code to view the names, Social Security Numbers, and dates of birth of job seekers in the AJL systems of up to ten states: Alabama, Arizona, Arkansas, Delaware, Idaho, Illinois, Kansas, Maine, Oklahoma, and Vermont.”

The AJLA Data Breach – What Occurred & What Personally Identifiable Information Was Compromised?

On February 20, 2017, according to AJLA, “a hacker created a job seeker account in an America’s JobLink . . . system. The hacker then exploited a misconfiguration in the application code to gain unauthorized access to certain information of other job seekers.” The code misconfiguration, which AJL says was identified and eliminated on March 14, 2017, was “introduced in an AJL system update in October 2016.” AJLA disclosed that “unusual activity” was “first noticed” through “system error messages” on March 12, 2017 by America’s Job Link Alliance-Technical Support.

AJL systems in the 10 aforementioned states were exploited by the hacker, but the code misconfiguration did not threaten systems and users of ReportLink or CertLink.

Impact of the AJLA Data Breach – “Millions of job seekers likely compromised”

Washingtontimes.com reported that “local reports indicate potentially millions of job seekers may have had their personal information compromised.” Reportedly, “approximately 1.4 million Illinois job seekers may have been compromised, while Delaware’s Department of Labor said upwards of 250,000 . . . residents may be affected, including individuals who registered online dating back to 2007.” Further Washingtontimes.com reported that “[a] representative for the Arkansas Department of Workforce Services said an estimated 19,000 residents there were affected, and Oklahoma has put its figure at over 430,000.”

KCUR.org published an article which reported that “[h]ackers who breached a Kansas Department of Commerce data system used by multiple states gained access to more than 5.5 million Social Security numbers and put the agency on the hook to pay for credit monitoring services for all victims.” Additionally, KCUR.org reported that besides “the 5.5 million personal user accounts that included SSNs, about 805,000 more accounts that did not contain SSNs were also exposed.”

For additional information, please see “Significant Data Breach Impacts Job Applicants in 10 States.”

America’s JobLink Data Breach Victims Whose Personal Information May Have Been Illegally Compromised or Misused

If you established an America’s JobLink account, entered personal information on AJLA’s website, have received a notice that your personal information may have been compromised or believe your personal information has been stolen or used illegally, please contact Kehoe Law Firm, P.C., Michael Yarnoff, Esq., [email protected], (215) 792-6676, Ext. 804, for a free, no-obligation evaluation of your potential legal rights.