Multi-State Data Breach Exposes Job Seekers Personal Information
Job seekers in ten different states have been notified of a data breach that affected American JobLink Alliance (AJLA) earlier this month.
The AJLA, a multi-state web-based system that links job seekers with employers, provides these services in of Alabama, Arizona, Arkansas, Delaware, Idaho, Illinois, Kansas, Maine, Oklahoma, and Vermont. While the investigation is still taking shape, officials do know that information like names, birth dates, and Social Security numbers were compromised by a hacker. The criminal(s) created their own Job Link account, then exploited a flaw in the website’s code. This flaw has now been uncovered and repaired, meaning the site is once again in operation, but not before the information was accessed.
So far no one has reported any signs of fraudulent activity related to the breach, but that’s what notification letters are really about. Those who were potentially affected by the breach—and some reports put that number as high as 4.8 million—are urged to monitor their credit reports, or even to place fraud alerts on their reports.
There are some key takeaways from the AJLA’s announcement:
1. Safeguard your data – Why did the AJLA have access to the applicants’ Social Security numbers in the first place? They explained that government regulations require them to request it, but that supplying it is optional. That’s important for all consumers to remember; there are times when companies will ask for your SSN, but make sure they really need it before you hand it over.
2. This wasn’t the work of a virus – Some data breaches involve the use of malicious software to infiltrate a network, but this wasn’t one of those times. That means that simply installing anti-virus software isn’t enough to protect from every kind of threat. Don’t let your technology “safety net” let you down.
3. It took over a week to notify affected individuals – It might seem like a breach that was discovered on March 12th should have made headline news on March 13th, but that isn’t always the most effective way. Law enforcement officials had to be notified and given time to respond before the public could be made aware. It should make us breathe a little easier, though, that a week or so lag is now considered a “lengthy” wait. When data breaches first began to make national headlines, they sometimes occurred months or even years before the public was informed.
4. This is by far not the only data breach to happen this week – Maybe you weren’t affected by this particular incident, but all consumers should behave as though an unknown data breach happens every day. That means monitoring your credit reports and accounts, changing your passwords regularly, and doing your best to safeguard your information. The ITRC also tracks these breaches in our Data Breach Report, updated daily and published weekly: http://www.idtheftcenter.org/Data-Breaches/data-breaches.html
If you think you may be a victim of identity theft, contact the Identity Theft Resource Center for toll-free, no-cost assistance at (888) 400-5530. For on-the-go assistance, check out the free ID Theft Help App.
Read next: Spring Cleaning for your Mobile Device