Data Breach in Kansas Steals SSNs in Ten Other States
Big Data means big money, whether that’s for advertisers, industries… or cybercriminals. As one state government agency in Kansas has learned the hard way, access to complete data sets for millions of people at a time can put entire networks and servers in the hackers’ crosshairs.
A Kansas Department of Commerce data system suffered a data breach earlier this year, and while exact numbers of stolen consumer records aren’t exact, there were more than five million individuals’ complete identifying information—meaning birth dates, Social Security numbers, and other data pieces—stored in the system. Another 800,000 or so individuals had profiles that are also believed to have been accessed, but those records didn’t contain Social Security numbers.
The system, operated by America’s Job Link Alliance-Technical Support, is a multi-state web-based system developed to, enable users to create an employment profile and search job openings. As a result of this data breach, the state of Kansas is covering the cost of one year of credit monitoring for all of the affected individuals, except for those who reside in Delaware. That state’s contract with the Department of Commerce requires three years of credit monitoring in the event of a data breach like this one, which Kansas will provide.
Unfortunately, not all of the affected individuals have been notified of the breach. The state used an email notification letter, which is allowable under Kansas law, but not all of the consumers listed an email address in their profiles. Only an estimated 260,000 or so victims have received notification, and according to the law in that state, officials do not have to notify victims through mailed letters or phone calls.
This example highlights a growing problem for consumers, which is namely that they have no control over their data once they release it to another party. For that reason, it’s important to think before submitting: who will be able to access this information? how will it be stored? how will it be protected? If you cannot receive satisfactory answers to those questions, be cautious about what data you hand over.
Also, as this database of information was in relation to a job search site, it’s worth noting that applicants typically shouldn’t provide their Social Security numbers at the time of a job hunt or interest application. That information won’t be required until a job offer is already under consideration, such as requesting it for new hire forms or a required background check.