Massive Joblink Breach

By ISBuzz Team | March 23, 2017 | Updated: July 4, 2024

Officials in ten states, including Vermont, Arizona, Arkansas, Delaware, Idaho, Illinois, Kansas, Maine and Oklahoma, have reported a security breach in which the information of the states’ job seekers was accessed. The third-party vendor, America’s Joblink Alliance, which operates the nationwide Joblink database, has notified the states that the job seeker service had been compromised by malicious software.

The full scope of the breach is not yet known. The AP says it is unknown whether Social Security numbers were breached, and that officials advise all system users to review bank, credit and debit accounts. IT security experts from Prevalent, VASCO Data Security and NuData Security commented below.

Jeff Hill, Director of Product Management at Prevalent:

“One challenge we encounter when working with companies developing vendor risk management programs for the first time is the simple task of identifying all their vendors. On the surface, it sounds absurd, but modern organizations utilize myriad services that, at first glance, don’t conform to the conventional notion of a vendor. The Vermont Labor Department breach and other Joblink Alliance users highlight one example: a service embedded in the organization’s website. If we were to ask the vendor risk management team – assuming one exists – at the Vermont, Arkansas or Maine agency to list their most critical vendors, it’s unlikely a JobLink would be top of mind. As these states’ Departments of Labor learned the hard way, sometimes the riskiest vendors are the most obscure.”

Brad Keller, JD, CTPRP, Sr. Director 3rd Party Strategy at Prevalent:

“Certainly there is still much more to be revealed about the breach, but one thing is quickly reinforced – breaches may occur at vendors that a company has never identified as posing a risk or as needing to be assessed. Companies need to take a broad look to determine all of the places outsourced risk could strike.”

John Gunn, CMO at VASCO Data Security:

“It is entirely unacceptable that organizations such as this are allowed to violate the public’s trust by not properly securing critical identity information. This is adding injury to misfortune – not only are these people out of work, now they have to worry about identity theft for the rest of their lives. The final insult is the referral to credit monitoring services where the victims can pay for ID theft protection.”

Lisa Baergen, Director of Marketing at NuData Security:

“While the full scope of the breach is not yet known, what is known is that targeting vulnerable job seekers is awful, and that any breach of personal and/or financial information such as this is of significant concern.

“Whenever such personally identifiable information (PII) is compromised, the looted data may well be cross-correlated with details from other breaches and social platforms to create comprehensive identities that are more valuable to hackers, rendering the victim susceptible to fraud.

“As a society, we’ve reached the point where every organization entrusted with PII should be constantly testing and hardening its external and internal defenses, and embracing more proactive, effective levels of defense such as consumer behavior analytics solutions, which can constantly validate legitimate users – even when the stolen but accurate credentials are presented. That would be the best way to help prevent the sorts of deceitful transactions and identity theft that otherwise may lie ahead for these unfortunate JobLink victims.

“Some will be offered free credit monitoring, which can do little if anything to stop thieves from stealing your identity. One tool that consumers can use to protect themselves is to apply a credit freeze, also known as a security freeze. Legislation in the US and UK enables consumers to freeze their credit at the credit bureau level. If you are a victim of identity theft, this is often offered gratis. Otherwise there can be a freeze and thaw charge. A freeze can be applied online, but must be done with all three bureaus, and will effectively prevent any new credit issuance. Anyone attempting to apply for new or additional credit will have the transaction sent for manual review and declined until the consumer unlocks the freeze (thaws the lock), essentially locking out any potential creditors from being able to view or “pull” your credit file.”

The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.
