Press Release

America’s JobLink (AJL) Data Incident

TOPEKA, Kan., March 22, 2017 – America’s JobLink (AJL), a multi-state web-based system that links job seekers with employers, has been the victim of a hacking incident from an outside source. AJLA–TS is developed and maintained by American’s Job Link Alliance–Technical Support (AJLA–TS). AJLA–TS has been in business for almost 50 years; this is the first known intrusion AJLA–TS has experienced.

On March 21st, AJLA–TS confirmed that a malicious third party “hacker” exploited a vulnerability in the AJL application code to view the names, Social Security Numbers, and dates of birth of job seekers in the AJL systems of up to ten states: Alabama, Arizona, Arkansas, Delaware, Idaho, Illinois, Kansas, Maine, Oklahoma, and Vermont. Upon discovery of this activity, AJLA–TS immediately intervened and deployed its technical team to assess and stop the incursion, disabling the hacker’s access to the AJL systems.

AJLA–TS is working diligently with law enforcement officials to identify and apprehend the perpetrator. An independent forensic firm is completing work to determine how many job seeker accounts may have been viewed and where those individuals are located. The firm has verified that the method of the hacker’s attack has been remediated and is no longer a threat to the AJLA–TS system.

FAQs

Q: What happened?

On February 20, 2017, a hacker created a job seeker account in an America’s JobLink (AJL) system. The hacker then exploited a misconfiguration in the application code to gain unauthorized access to certain information of other job seekers. This misconfiguration has since been eliminated.

America’s Job Link Alliance–Technical Support (AJLA–TS) first noticed unusual activity in AJL via system error messages on March 12. AJLA–TS immediately notified law enforcement, retained an independent forensic firm to investigate the cause and scope of the activity, and fixed the misconfiguration.

Q: What personally identifiable information was the hacker able to see?

The personally identifiable information included users’ names, dates of birth, and Social Security numbers.

Q: Which states were affected?

The hacker was found to have activity in the AJL systems of ten states: Alabama, Arkansas, Arizona, Delaware, Idaho, Illinois, Kansas, Maine, Oklahoma, and Vermont.

Q: Is the JobLink site now safe to use?

The code misconfiguration was identified and eliminated on March 14 and no longer poses a threat to the AJL systems.

Q: Is law enforcement involved?

Yes. AJLA–TS contacted law enforcement immediately and is currently working with the FBI to identify and apprehend the hacker.

Q: How did this happen?

The code misconfiguration was introduced in an AJL system update in October 2016.

Q: Does the hacker pose a threat to the ReportLink or CertLink users?

No. The code misconfiguration did not pose a threat to the ReportLink or CertLink systems and users.

Q: Why do you need Social Security numbers in the first place?

The federal government requires that we ask for your Social Security number. As the AJL system indicates, however, you are not required to provide it.

Q: How long is data kept in the AJL system?

Data is retained unless requested to be deleted. This is to facilitate federal reporting and UI eligibility requirements.

Q: Can my data be removed from the system?

Yes. Please contact your state-specific AJL help desk for assistance.

Q: I’ve read news stories online about a virus. Was a virus involved?

No. This incident did not involve a virus or any other form of malware.

Q: If AJLA–TS knew about this incident on March 12, why am I only learning about this now?

Notifying potentially affected individuals has been a top priority since AJLA–TS discovered that the error messages we were receiving were due to malicious activity and not a technical issue. Before releasing a public announcement, however, it was important that AJLA–TS identify the misconfiguration and eliminate it from the system. The forensic firm’s analysis required the review of a significant amount of system data. This analysis was needed to confirm that the hacker had actually accessed individuals’ information, so as not to unnecessarily alarm affected individuals. Finally, it was critically important that any announcement not interfere with law enforcement’s investigation.

Q: When will I be notified if my account was breached?

If you have a valid email address on file and your account was impacted by the incident, you will likely be notified by email within five to 10 business days from March 24, 2017.

Q: Do you suspect that my information has been used fraudulently?

We do not have any evidence that your information was actually misused, but we take our obligation to protect your information seriously and wanted to ensure that you received notification as soon as possible.

Q: I am unable to retrieve my user name and password to see if I entered my SSN/ My account has been locked/disabled.

From your state’s JobLink homepage, click Log In/Register. Then click Forgot Username or Password.

To retrieve your username:

To retrieve your password:

If you receive a message that your account has been disabled, contact your local workforce center for assistance.

Q: Does the data incident cover a specific period of time? (e.g., I used the system in 2004. Has my data been breached?)

Job seeker accounts created prior to March 14, 2017 are potentially affected. If you have a valid email address on file, you will likely be notified by email if your specific account was impacted during the incident within five to 10 business days from March 24, 2017.

Q: I have been receiving unwanted phone calls/text messages from recruiters. Is this related?

If you are receiving unwanted phone calls, text messages, or emails from recruiters, it is unlikely that it is related to the security breach. Phone numbers and email addresses were not compromised.

You can report unwanted calls and register your phone number on the National Do Not Call Registry.

Q: What precautions can I take to protect my credit?

While there is no indication that your information has been misused in any way, we recommend that all potentially impacted individuals take the following steps to safeguard their personal information:

Equifax Experian TransUnion
1.800.685.1111 1.888.397.3742 1.800.916.8800
PO Box 740241 PO Box 2104 PO Box 2000
Atlanta, GA 30374 Allen, TX 75013 Chester, PA 19022
www.equifax.com www.experian.com www.transunion.com

Q: Who can I contact with additional questions?

You may contact the AJLA Response Center with additional questions about the incident at 844.469.3939. The Response Center's hours are 8 am CDT until 8 pm CDT Monday through Friday. The Response Center can also assist you with determining your eligibility for credit monitoring as part of this incident.