American JobLink Alliance (AJLA), a web-based system that connects jobseekers to employers across the United States, recently reported a data breach affecting an estimated 4.8 million individuals.
The breach, caused by a hack, left jobseekers’ names, Social Security numbers and birthdates exposed. Hackers gained access into the company’s system by creating an account with the company, then exploited a vulnerability in the online application’s code.
The breach’s nationwide impact affected victims in ten different states.
Scope of Breach
On March 12, AJLA’s tech support team received system errors that indicated suspicious activity on their systems. The incident was reported to law enforcement, and a third-party forensic team helped determine the scope of the breach.
Investigators confirmed the suspicious activity on March 21, and the breach was publicly announced the next day. The investigation determined that anyone who had created an account, used their services or received insurance benefits through AJLA within the last four years may have been compromised. However, the AJLA announced the vulnerability had been fixed and that accounts created after March 14, 2017 were not impacted by the breach.
“As a society, we’ve reached the point where every organization entrusted with [personally identifiable information] should be constantly testing and hardening its external and internal defenses, and embracing more proactive, effective levels of defense such as consumer behavior analytics solutions, which can constantly validate legitimate users – even when the stolen but accurate credentials are presented.”
– Lisa Baergen, NuData Security Director of Marketing
Source: ERE Media
The company’s national reach made this breach especially serious because hackers accessed user data from ten different states: Alabama, Arizona, Illinois, Arkansas, Delaware, Idaho, Kansas, Maine, Oklahoma and Vermont. Although two of the ten states have an unknown number of compromised victims, most states that reported estimated figures averaged between 100,000 to 400,000 individuals affected.
Illinois was the most affected with approximately 1.4 million users within the state compromised by the breach. On the other end of the scale, Arkansas only saw 19,000 impacted. However, the severity of the breach is also affected by the type of information breached – Social Security numbers being the most valuable piece of information from a hacker’s point of view. No matter how many records were affected, the information exposed indicates that victims may face more serious issues down the road such as fraud and identity theft.
AJLA stated in its press release about the breach that it would offer free credit monitoring services to those affected. Click here to visit AJLA’s Q&A section regarding the breach event.
What should you do?
If you’ve been affected by this breach, here are a few actions you can take:
- Remove your data from AJLA’s systems. To do this, AJLA has instructed you to contact your local AJLA office for further assistance.
- Review your credit reports and keep an eye out for suspicious activity on your bank accounts. The compromised information in this breach could allow hackers access to your accounts and make unauthorized purchases or create new accounts under your name. If you notice any inconsistent activity on your accounts, contact your bank immediately.
- Place a credit freeze on your credit file. This gives you an extra layer of protection by requiring additional verification to open new lines of credit under your name.
Continue following Fighting Identity Crimes to stay up-to-date on the latest breach and scam news, as well as timely tips from our industry experts on protecting your identity and personal information.