Department of Labor database breach exposes info on job seekers in 10 states

file.jpeg

The breach of a Department of Labor database system may have exposed personally identifiable information on job seekers throughout 10 states. 

America’s JobLink, which is developed and managed by the Topeka, Kansas-based America’s Job Link Alliance–Technical Support, is a multi-state web-based database that connects users with employers through state and local workforce agencies and federal unemployment programs.

On March 12, 2017, system error messages alerted AJLA-TS to unusual activity, which was revealed to be a hacker that had created a profile on Feb. 20 then exploited a misconfiguration in the application code to gain access to potentially hundreds of thousands of individuals’ information.

Among the data stored by AJLA-TS are names, dates of birth and Social Security numbers.

In total, unauthorized activity was found in AJL systems in Alabama, Arkansas, Arizona, Delaware, Idaho, Illinois, Kansas, Maine, Oklahoma and Vermont.

Following the identification and remediation of the misconfiguration on March 14, AJLA-TS notified potentially affected individuals and coordinated with law enforcement, the FBI and an independent forensics firm before making a public statement about the breach on March 22. The scope and location of all viewed accounts is still being verified. 

No misuse of the exfiltrated information has been reported, but AJLA-TS has recommended users monitor credit reports for suspicious activity. Efforts to apprehend the hacker are ongoing. This is the first known AJLA-TS intrusion, and the system has been deemed safe to use.

A press release on the data incident, with FAQ, can be viewed at AJLA.net