America’s JobLink web-based system that links job seekers with employers in Delaware and nine other states was hacked by a third party.
Nearly 253,420 Delaware JobLink users dating back to 2007 may potentially be impacted, including 200,201 of these users whose names, dates of birth and Social Security numbers were potentially breached.
Upon suspecting recent malicious activity, AJL hired an independent forensic firm and brought in the FBI to investigate the breach, which was discovered three weeks after a hacker created a job seeker account in the AJL system.
The hacker exploited a vulnerability in the application code to gain unauthorized access to certain information of other job seekers. This vulnerability has since been eliminated. This is the first such data breach in the 50-year history of AJL.
The Department of Labor is working with the Delaware Department of Technology & Information on the notification to JobLink users and help setting up credit monitoring and fraud alerts. By the week of March 27, AJL will establish a toll-free number for impacted users to call for more information.
Individuals may request a fraud alert and/or a credit freeze on their file. They may also contact the IRS Identity Protection Specialized Unit at 800-908-4490. Visit identitytheft.gov/databreach for additional follow-up steps.