America’s JobLink (AJL), a multi-state web-based system that links job seekers with employers, announced on March 22, 2017 that a “malicious third party hacker” gained access to AJL systems. AJL stated that the hacker “exploited a vulnerability in the AJL application code” to view job seekers’ names, Social Security numbers, and birth dates. The breach may have compromised personal information of individuals in at least ten states, including: Alabama, Arizona, Arkansas, Delaware, Idaho, Illinois, Kansas, Maine, Oklahoma, and Vermont.
Government agencies in each of these states have set up their own JobLink webpages as “members” of the AJL system. These state agencies include: Alabama Department of Labor, Arizona Department of Economic Security, Arkansas Department of Workforce Services, Delaware Department of Labor, Idaho Department of Labor, Illinois Department of Employment Security, Kansas Department of Administration, Maine Department of Labor, Oklahoma Employment Security Commission, and Vermont Department of Labor.
Were you exposed in the America’s JobLink Data Breach?
If you created an account on any of the following JobLink websites, your personal information may have been stolen:
- Alabama JobLink
- Arizona Job Connection
- Arkansas JobLink
- Delaware JobLink
- Illinois JobLink
- Maine JobLink
- Vermont JobLink
Know your rights. For a free consultation about your potential privacy case, contact a data breach attorney toll-free at (800) 254-9493.
Hacker Exposes “Misconfiguration” in America’s JobLink Application Code
According to AJL, the data breach occurred on February 20, 2017. A hacker created a job seeker account on an AJL system, and then exploited a “misconfiguration” in the application code to gain unauthorized access to the personally identifiable information of other job seekers on the site. AJL first became aware of the data breach on March 12, when its technical support team noticed “unusual activity” via system error messages.
The code misconfiguration that allowed the hacker to gain unauthorized access had been on the AJL system since October 2016.
Job Seeker Accountholders May Be Contacted by America’s JobLink
Any job seeker accounts created prior to March 14, 2017 are potentially affected. AJL has announced that it is trying to determine precisely whose records were compromised and will notify those individuals via email between March 31 and April 7. AJL states that the attack has “been remediated and is no longer a threat” to AJL’s database.
Talk to a Privacy and Data Breach Lawyer
If you have an account with America’s JobLink and believe your personal information may be at risk, contact our data breach lawyers for a free, confidential consultation about your privacy rights by calling toll-free (800) 254-9493 or filling out the form.