| 23 March 2017
The third party vendor, America’s Joblink Alliance, which operates the Joblink nationwide database has notified several states that the job seeker service had been compromised by malicious software. The personal information of job seekers in ten states including Vermont, Arizona, Arkansas, Delaware, Idaho, Illinois, Kansas, Maine and Oklahoma may be compromised. While the full scope of the breach is not yet known, the AP says it's unknown whether social security numbers were breached, and that officials advise all system users to review bank, credit and debit accounts.
As a response John Gunn, CMO, VASCO Data Security said: "It is entirely unacceptable that organizations such as this are allowed to violate the public’s trust by not properly securing critical identity information. This is adding injury to misfortune - not only are these people out of work, now they have to worry about identify theft for the rest of their lives. The final insult is the referral to credit monitoring services where the victims can pay for ID theft protection."
Lisa Baergen, Director of Marketing, NuData Security adds: "While the full scope of the breach is not yet known, what is known is that targeting vulnerable job seekers is awful, and that any breach of personal and/or financial information such as this is of significant concern.
"Whenever such personally identifiable information (PII) is compromised, the looted data may well be cross-correlated with details from other breaches and social platforms to create comprehensive identities that are more valuable to hackers, rendering the victim susceptible to fraud.
"As a society, we’ve reached the point where every organization entrusted with PII should be constantly testing and hardening its external and internal defenses, and embracing more proactive, effective levels of defense such as consumer behavior analytics solutions, which can constantly validate legitimate users – even when the stolen but accurate credentials are presented. That would be the best way to help prevent the sorts of deceitful transactions and identify theft that otherwise may lie ahead for these unfortunate JobLink victims.
Some will be offered free credit monitoring, which can do little if anything to stop thieves from stealing your identity. One tool that consumers can use to protect themselves is to apply a credit freeze, also known as a security freeze. Legislation in the US and UK enables consumers to freeze their credit at the credit bureau level. If you are a victim of identity theft, this is often offered gratis. Otherwise there can be a freeze and thaw charge. A freeze can be applied online, but must be done with all three bureaus, and will effectively prevent any new credit issuance. Anyone attempting to apply for new or additional credit will have the transaction sent for manual review and declined until the consumer unlocks the freeze (thaws the lock), essentially locking out any potential creditors from being able to view or “pull” your credit file.