Hacker gains info on 1.4M from state online job board
A hacker gained access last month to about 1.4 million job seekers’ personal information on file with the Illinois Department of Employment Security’s online job board, including their names, Social Security numbers and birth dates.
The data breach happened because of a “vulnerability” in the application code of America’s Job Link Alliance, the software vendor that runs IllinoisJobLink.com, according to a statement from IDES.
“The vulnerability was not the result of any deficiency in software maintained by the State of Illinois and may have impacted ten states,” the statement said.
As of Wednesday afternoon, there was no indication that anyone’s information had been “misused,” officials said. America’s Job Link Alliance is offering a year’s worth of free credit monitoring for the affected job seekers.
The breach affects users who created accounts before March 14. The company says the website is now safe to use.
The hacker created an America’s Job Link account on Feb. 20 and exploited the system to view other accounts, according to AJLA, which said it didn’t figure out there had been a breach until March 12. The problem was fixed by March 14.
The company confirmed on March 22 that the hacker had gotten ahold of users’ data and then notified the Illinois Department of Employment Security, which began sending notices to the 1.4 million affected job- seekers via email or letter.
“At present, AJLA has no reason to believe that anyone other than the individual hacker exploited the vulnerability,” the company said.
The FBI is investigating the source of the hack.