SecurityWeek

JobLink Breach Affects Job Seekers in 10 States

America’s JobLink (AJL), a multi-state online service that connects job seekers with employers, informed users last week that a malicious hacker breached the company’s systems.

The attacker exploited a vulnerability in the JobLink application to gain access to job seekers’ personal information, including names, dates of birth and social security numbers (SSNs). According to AJL, the attacker created an account on the platform and exploited a “misconfiguration” to access information on other users.

Law enforcement has been notified and a forensics firm has been called in to determine the cause and impact of the incident. AJL said the attacker created an account on the application on February 20, and the first signs of suspicious activity were noticed on March 12. The vulnerability, apparently introduced in October 2016, was patched on March 14.

AJL pointed out that the attack did not involve any type of malware, and it did not affect the company’s ReportLink or CertLink products.

The investigation showed that the attacker accessed information on users in Alabama, Arkansas, Arizona, Delaware, Idaho, Illinois, Kansas, Maine, Oklahoma and Vermont. These states use the JobLink service to coordinate federal unemployment and workforce development programs.

Individuals who created accounts before March 14 could be affected. AJL has promised to send email notifications within 5-10 business days to individuals whose accounts have been breached. Affected users may also be eligible for credit monitoring services.

An investigation has also been launched by the Department of Labor in the affected states, and each state has published information about the breach on its official website. More than 250,000 users could be affected in Delaware, 170,000 accounts may have been compromised in Idaho, while Vermont said the breach could impact up to 180,000 accounts.

StateScoop reported that more than 280,000 accounts are affected in Maine, and the breach could impact as many as 4.8 million accounts across the ten states.

At least one law firm is urging affected job seekers to step forward, which indicates that AJL is facing a lawsuit.

Written By

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.
