Vendor Contracted by Illinois Department of Employment Security Data Breached

Send a link to a friend  Share

[March 27, 2017]  SPRINGFIELD - The Illinois Department of Employment Security notified the Illinois General Assembly of confirmation that one of its vendors experienced a data breach affecting approximately 1.4 million Illinois job seekers, according to the vendor’s current estimate. The vulnerability was not the result of any deficiency in software maintained by the State of Illinois and may have impacted ten states.

“The threat of cyber-crime is a clear and present danger to the citizens of Illinois and our administration will continue pressing forward with a comprehensive cybersecurity strategy,” Eleni Demertzis, Spokeswoman for Governor Rauner. “We implore Comptroller Mendoza to reevaluate her decision to hold up funding for this important project, which everyday puts the people of Illinois at risk.”

In the letter IDES wrote:

On March 14, 2017, America’s Job Link Alliance - Technical Support (AJLA-TS)learned that a malicious third party “hacker” had exploited vulnerability in the AJL application code that could have permitted the hacker access to the names, social security numbers and dates of birth of job seekers in the AJL systems of ten states, including Illinois. At present, AJLA has no reason to believe that anyone other than the individual hacker exploited the vulnerability. It was not clear whether the vulnerability resulted in actual unauthorized access to any data until AJLA communicated on March 22, 2017 its belief that a breach appeared to have occurred.

Incidents such as these further validate the benefits of an enterprise approach to cybersecurity at the State of Illinois, as announced by the Governor this week. Our strategy will strengthen Illinois’ ability to prevent, identify and resolve security issues for residents and State services.

[to top of second column]

A technical team from the Illinois Department of Innovation and Technology is working with IDES, AJLA-TS, and the forensic firm to address the situation. AJLA also alerted the FBI, which is currently investigating the matter…

IDES is currently preparing notices to the affected job seekers…

The notices will also provide affected job seekers with toll-free numbers and addresses for consumer reporting agencies; a toll-free number and a mailing and website address for the Federal Trade Commission; information on the availability of fraud alerts and security freezes; the toll-free number for a call center that AJLA has set up, to answer questions and offer credit monitoring advice; and an AJLA-maintained web address to which questions can also be directed. AJLA will also make credit monitoring services available to affected individuals. IDES is also evaluating its contract with AJLA to determine its rights

[Office of the Governor Bruce Rauner]

Back to top