Hackers Breached Department of Labor Job Seekers Portal

Share this…

Hackers have breached America’s Job Link Alliance (AJLA), a job portal offered by the Department of Labor (DOL), and stolen personal details from an undisclosed number of job seekers.

AJLA, a multi-state database of US job seekers, acknowledged the security breach through a message on its website.

Hackers stole information from job seekers in 10 states

According to AJLA officials, hackers registered an account on the job portal and then used a vulnerability in the AJLA source code to extract data from other users.

An investigation revealed hackers managed to get access to names, dates of birth, and Social Security Numbers for users in ten of the sixteen states catered by the AJLA portal.

Affected states include Alabama, Arizona, Arkansas, Delaware, Idaho, Illinois, Kansas, Maine, Oklahoma, and Vermont. Currently, job seekers in Georgia, Indiana, Kentucky, Nevada, New Jersey and Massachusets don’t appear to be affected.

Attack took place on March 12

AJLA said the hacker(s) registered on the site on February 20, but he appears to have launched his attacks on March 12, when AJLA staff first started noticing errors in their system. No malware or other computer viruses were used in the attack, but only a vulnerability in the AJLA portal codebase.

After discovering the intrusion, AJLA staff worked into removing the vulnerability, investigating the attack, and assessing its damage.

AJLA said the vulnerability the attacker used was introduced in its codebase in October 2016 but was patched March 14, two days after the initial attack. Investigators didn’t find evidence it was exploited in the past.

The intrusion was revealed last week, on March 22, after AJLA received the go-ahead from law enforcement, who were also called in to help with the investigation.

The AJLA portal is managed by American’s Job Link Alliance–Technical Support (AJLA–TS), a third-party contractor that has been in business for 50 years. The company said this was its first known intrusion. AJLA is now notifying users who registered on the site before March 14.