Officials in ten states including Vermont, Arizona, Arkansas, Delaware, Idaho, Illinois, Kansas, Maine and Oklahoma have all reported a security breach which has accessed the information of the states’ job seekers. The third party vendor, America’s Joblink Alliance, which operates the Joblink nationwide database has notified the states that the job seeker service had been compromised by malicious software.
While the full scope of the breach is not yet known, the AP says it’s unknown whether social security numbers were breached, and that officials advise all system users to review bank, credit and debit accounts. IT security experts from Prevalent, VASCO Data Security and NuData Security commented below.
Jeff Hill, Director of Product Management at Prevalent:
Brad Keller, JD, CTPRP, Sr. Director 3rd Party Strategy at Prevalent:
.
John Gunn, CMO at VASCO Data Security:
Lisa Baergen, Director of Marketing at NuData Security:
“Whenever such personally identifiable information (PII) is compromised, the looted data may well be cross-correlated with details from other breaches and social platforms to create comprehensive identities that are more valuable to hackers, rendering the victim susceptible to fraud.
“As a society, we’ve reached the point where every organization entrusted with PII should be constantly testing and hardening its external and internal defenses, and embracing more proactive, effective levels of defense such as consumer behavior analytics solutions, which can constantly validate legitimate users – even when the stolen but accurate credentials are presented. That would be the best way to help prevent the sorts of deceitful transactions and identify theft that otherwise may lie ahead for these unfortunate JobLink victims.
Some will be offered free credit monitoring, which can do little if anything to stop thieves from stealing your identity. One tool that consumers can use to protect themselves is to apply a credit freeze, also known as a security freeze. Legislation in the US and UK enables consumers to freeze their credit at the credit bureau level. If you are a victim of identity theft, this is often offered gratis. Otherwise there can be a freeze and thaw charge. A freeze can be applied online, but must be done with all three bureaus, and will effectively prevent any new credit issuance. Anyone attempting to apply for new or additional credit will have the transaction sent for manual review and declined until the consumer unlocks the freeze (thaws the lock), essentially locking out any potential creditors from being able to view or “pull” your credit file.”