Hackers obtained personal data, including Social Security numbers and birth dates, from a Topeka company that manages information services for workforce agencies in 10 states, officials said Wednesday.
America’s Job Link Alliance, a 50-year-old company, provides a web-based system that links job seekers with employers for Kansas, Alabama, Arizona, Arkansas, Delaware, Idaho, Illinois, Maine, Oklahoma and Vermont, a press release said.
The hack occurred on March 21 and was discovered by America’s Job Link Alliance Technical Support, the arm of AJL that serves as its national information systems development and support center.
“AJLA–TS confirmed that a malicious third party ‘hacker’ exploited a vulnerability in the AJL application code to view the names, Social Security Numbers, and dates of birth of job seekers in the AJL systems of up to ten states,” a company press release said. “AJLA–TS immediately intervened and deployed its technical team to assess and stop the incursion, disabling the hacker’s access to the AJL systems.”
The team fixed the vulnerability that allowed the attack and the data is no longer accessible to the hacker, the company said. AJLA is working with law enforcement officials to identify and apprehend the hacker. “
An independent forensic firm is completing work to determine how many job seeker accounts may have been viewed and where those individuals are located,” the company release said.
America’s JobLink is one of three products that AJLA provides to workforce organizations. According to the company website, the JobLink services is an “all-in-one labor exchange and case management solution for workforce development organizations” that has four sections, JobLink, ServiceLink, ProviderLink and FiscalLink.
Other products developed and maintained by AJLA, including ReportLink, a data management system, and CertLink, a Work Opportunity Tax Credit management system, were not affected by the hack, the company said.
Kansas officials could not be reached for comment regarding how many Kansas job seekers or employers might be impacted by this data breach.
The Northwest Arkansas Democrat Gazette broke this story Tuesday, based on an anonymous tip, and reported that Arkansas government officials said a malicious virus was found in AJLA’s system and the FBI is assisting with the investigation.
In Arkansas, the data of 19,000 job seekers was at risk, the newspaper reported. It said that AJLA had been in contact with Arkansas’ Workforce Services, but quoted a spokesman who said, “It’s been difficult to get answers out of them lately,” Guntharp said. “We’re starting to grow impatient.”