WorkForce West Virginia has revealed that its Mid Atlantic Career Consortium Employment Services (MACC) database was breached earlier this year, but says it has now been secured.
The state government agency oversees West Virginia’s unemployment insurance program, as well as operating a workforce development services including the MACC job seekers’ database – the largest online database of job seekers and job openings in the state, it says.
Incident
Workforce says that when it learned of the breach, on April 13, it immediately took the system offline and investigated. The agency has hired a professional third-party forensic firm to manage on-going risk mitigation.
No files were downloaded, extracted or manipulated, it says.
However, on May 14, the investigators discovered that some personal information stored in the job seekers database was potentially accessible, including name, address, phone number, date of birth and Social Security number.
The agency hasn’t revealed how many people may have been affected.
Workforce has contacted everybody whose information may have been accessed and given them the phone number (1-855-537-2138) for a specialist response team at the forensic firm. It adds that it’s introduced “additional technical safeguards”.
“Mitigating any potential risk for constituents continues to be our top priority,” says Scott Adkins, acting commissioner of WorkForce West Virginia.
“Constituents should follow the guidance provided in the letter they received from WorkForce if they have any questions.”
Hatchet job
A number of job seekers’ websites have been breached over the last year or so. In Singapore, for example, job-matching institute e2i revealed in April that the personal details of 30,000 people may have been illegally accessed, following a security breach.
A year earlier, US job portal Ladders was found to have exposed the profiles of 13 million job seekers, thanks to an unprotected AWS Elasticsearch database.
And in an even larger breach, security firm Cyble discovered last year that the personal data of 29 million job seekers was available on the dark web for free.
The data, said Cyble, appeared to have been harvested from a resume aggregator service that collects data from different job portals in India.
Source: https://portswigger.net/daily-swig/west-virginia-job-seekers-alerted-to-govt-employment-agency-data-breach