About 170,000 of the Idaho Department of Labor’s 530,000 job-seeker accounts – active and historical – were compromised by a hacking incident on March 12-13 involving America’s Job Link, a Kansas-based, multi-state system that operates the department’s IdahoWorks job search engine.
The Department of Labor is sending direct notification, via email or regular mail, to all IdahoWorks customers whose accounts may have been compromised. The account information that may have been viewed includes customers’ name, Social Security number and date of birth.
America’s Job Link provides job search services to ten states. A total of 4.8 million accounts within the America’s Job Link system are believed to have been compromised. Other state systems affected include Alabama, Arizona, Arkansas, Delaware, Illinois, Kansas, Maine, Oklahoma and Vermont.
The matter is under criminal investigation by law enforcement. An independent forensic firm hired by America’s Job Link Alliance-Technical Support estimated that 170,000 Idaho-based accounts may have been viewed. According to the forensic firm, the code vulnerability that allowed the unauthorized access has since been eliminated. Idaho accounts created on and after March 14, 2017 were not affected.
Customers whose accounts may have been viewed are being asked to place a "fraud alert" on their credit reports and to notify law enforcement officials if they discover any suspicious activity.
America’s Job Link Alliance is setting up a call center with a toll-free number to answer questions from impacted customers. The number, as well as updated information on the incident, will be available and posted online starting Thursday at labor.idaho.gov/security. The site also includes links to information about how customers can protect themselves from identity theft.