Vermont Business Magazine Officials from the Vermont Department of Labor (VDOL) are continuing to keep the public informed on their ongoing review of a data breach on the standalone, web-based database, America’s Joblink Alliance (AJLA), since learning of the breach on March 15. AJLA informed ten states, including Vermont, that a system modification implemented in October 2016 created a vulnerability in the system. As previously reported, AJLA had become aware of the attack on, or around, March 12 and corrected the vulnerability before notifying the states impacted by the breach. AJLA immediately hired RSA Security, LLC, an independent security specialist, to investigate the breach. Both RSA and AJLA have provided assurance to the 10 states impacted by the breach that the vulnerability has been fixed.
The breach compromised as many as 182,000 accounts in Vermont and 4.8 million accounts across 10 states. The breach potentially exposed personal information, including name, date of birth and social security number. For Vermont, these are accounts entered into Vermont Joblink over a 14-year period. Some users voluntarily register, and others are required by VDOL to register for the program.
VDOL continues to communicate daily with AJLA and the other affected states since being notified of the data breach. “We have collectively pushed for AJLA to notify individuals who may have been compromised, as well as to offer credit monitoring, as it has been our top priority to inform and protect those impacted individuals. The vendor has agreed to both. We also continue to demand AJLA provide credit protection in addition to monitoring,” said Kurrle.
AJLA has assured VDOL that emails to any individual with a valid email address in the Joblink database will go out beginning on Friday, March 31,and will continue through the following week. The email notification will outline the details of the breach as well as provide a point of contact. VDOL recommends that anyone who has used Vermont Joblink over the last 14 years, monitor for this email and call AJLA’s toll free helpline at 844-469-3939, if no email is received by the end of next week.
The Department has reviewed the contract with the vendor to determine terms. The vendor has been used by the State since 2003, and was last renewed in July 2016. The contract was established at that time. The vendor continued to be paid throughout 2016, but the contract was not executed until February 6, 2017, by Commissioner Kurrle.
The contract, which is called an Intergovernmental Agreement, is between the Vermont Department of Labor and the Kansas Department of Commerce – AJLA-TS. AJLA-TS is a part of the Kansas Department of Commerce, and contracts with States to provide the JobLink software. The term is July 1, 2016 to June 30, 2017. The Governor has directed VDOL to issue an RFP and put the contract out for bid.
AJLA’s Joblink system is a standalone system and is not linked to any other State of Vermont system. JobLink is a database that is used by the Vermont Department of Labor, and nine other states, to help job seekers perform job searches and create and post resumes. When a person files for Unemployment Benefits, VDOL requires them to sign up in Vermont’s Joblink as well as to perform regular job searches unless they have a return to work date inside 10 weeks.
Source: Montpelier, Vt. – VDOL 3.29.2017