A hacker was able to steal the sensitive information of 1.4 million people in Illinois, according to the Illinois Department of Employment Security.
America's Job Link, a multi-state web-based system that links job seekers with employers, was hacked in February.
The Kansas-based company says the hacker filled out a fake application, then broke into their system to view the names, social security numbers and dates of births of job seekers in ten states, including Illinois.
The company says they have removed the threat to its system, but the scope of how much information is still be assessed.
Officials from IDES and the Illinois Department of Innovation and Technology say they are working to identify and notify those impacted by this data breach.
The State of Illinois says investigations are currently underway on the full impact of this incident. Illinois JobLink users can contact the AJLA application help desk at 844-469-3939 for more information on possible exposure and suggested security steps.
Other states involved, like Deleware, report the incident put 200,000 of its residents at risk
In a statement, the Illinois Department of Employment Security wrote:
On March 14, 2017, America’s Job Link Alliance - Technical Support (AJLA-TS)learned that a malicious third party “hacker” had exploited vulnerability in the AJL application code that could have permitted the hacker access to the names, social security numbers and dates of birth of job seekers in the AJL systems of ten states, including Illinois. At present, AJLA has no reason to believe that anyone other than the individual hacker exploited the vulnerability. It was not clear whether the vulnerability resulted in actual unauthorized access to any data until AJLA communicated on March 22, 2017 its belief that a breach appeared to have occurred.
Incidents such as these further validate the benefits of an enterprise approach to cybersecurity at the State of Illinois, as announced by the Governor this week. Our strategy will strengthen Illinois’ ability to prevent, identify and resolve security issues for residents and State services.
A technical team from the Illinois Department of Innovation and Technology is working with IDES, AJLA-TS, and the forensic firm to address the situation. AJLA also alerted the FBI, which is currently investigating the matter.
IDES is currently preparing notices to the affected job seekers. The notices will also provide affected job seekers with toll-free numbers and addresses for consumer reporting agencies; a toll-free number and a mailing and website address for the Federal Trade Commission; information on the availability of fraud alerts and security freezes; the toll-free number for a call center that AJLA has set up, to answer questions and offer credit monitoring advice; and an AJLA-maintained web address to which questions can also be directed. AJLA will also make credit monitoring services available to affected individuals. IDES is also evaluating its contract with AJLA to determine its rights.
