America’s JobLink (AJL) Data Incident
TOPEKA, Kan., March 21, 2017 – America’s JobLink (AJL), a multi-state web-based system that links job seekers with employers, has been the victim of a hacking incident from an outside source. AJLA–TS is developed and maintained by American’s Job Link Alliance–Technical Support (AJLA–TS). AJLA–TS has been in business for almost 50 years; this is the first known intrusion AJLA–TS has experienced.
On March 21st, AJLA–TS confirmed that a malicious third party “hacker” exploited a vulnerability in the AJL application code to view the names, Social Security Numbers, and dates of birth of job seekers in the AJL systems of up to ten states: Alabama, Arizona, Arkansas, Delaware, Idaho, Illinois, Kansas, Maine, Oklahoma, and Vermont. Upon discovery of this activity, AJLA–TS immediately intervened and deployed its technical team to assess and stop the incursion, disabling the hacker’s access to the AJL systems.
AJLA–TS is working diligently with law enforcement officials to identify and apprehend the perpetrator. An independent forensic firm is completing work to determine how many job seeker accounts may have been viewed and where those individuals are located. The firm has verified that the method of the hacker’s attack has been remediated and is no longer a threat to the AJLA–TS system.
AJLA–TS also develops and maintains ReportLink, a workforce program data management system, and CertLink, a Work Opportunity Tax Credit (WOTC) management system. The forensic firm has concluded that the code vulnerability did not affect those systems.
Media and individuals with additional questions should contact Christine Bohannon, Director, AJLA–TS at email@example.com.
Information for Maine JobLink Account Holders, Especially Those Containing Valid Social Security Numbers
New accounts created on or after March 16 are not affected.
Job seeker accounts that include a valid Social Security Number are potentially at most risk. To check this please log into your JobLink account; as long as you were not actively filing for unemployment benefits you can delete your Social Security Number from your JobLink account. You can do this online without calling the department.
Additional information will be sent to the email on file in Maine JobLink to individuals determined most at risk in accordance with state law.
The department recommends that you put a freeze on your credit report if you had a valid Social Security Number in your JobLink account. Maine law allows you to freeze your credit report for free.
A credit freeze will prevent unauthorized parties from accessing your credit report unless you give them specific permission. Freezing your credit will not affect your credit score. The three Credit Reporting Agencies are Equifax, https://www.freeze.equifax.com ; Experian, https://www.experian.com/freeze/center.html ; and Trans Union, http://www.transunion.com/securityfreeze .
It is possible for you to place a free, 90-day fraud alert on your credit reports with the three major credit reporting organizations, and to extend the 90-day alert by calling for an extension after the initial 90 days.
Under Maine law, you are also entitled to a free credit report from the three reporting agencies each year. Detailed instructions for taking these steps are available on the Department of Professional and Financial Regulation’s website, http://www.maine.gov/pfr/financialinstitutions/consumer/credit_report.htm .
Questions can be addressed by calling the Maine Department of Labor at 1-888-457-8883. Due to an expected high call volume, your patience is appreciated.