VDOL updates Joblink data breach | Vermont Business Magazine

Vermont Business Magazine Officials from the Vermont Department of Labor (VDOL) are continuing to keep the public informed on their ongoing review of a data breach on the standalone, web-based database, America’s Joblink Alliance (AJLA), since learning of the breach on March 15. AJLA informed ten states, including Vermont, that a system modification implemented in October 2016 created a vulnerability in the system. As previously reported, AJLA had become aware of the attack on, or around, March 12 and corrected the vulnerability before notifying the states impacted by the breach. AJLA immediately hired RSA Security, LLC, an independent security specialist, to investigate the breach. Both RSA and AJLA have provided assurance to the 10 states impacted by the breach that the vulnerability has been fixed.

The breach compromised as many as 182,000 accounts in Vermont and 4.8 million accounts across 10 states. The breach potentially exposed personal information, including name, date of birth and social security number. For Vermont, these are accounts entered into Vermont Joblink over a 14-year period. Some users voluntarily register, and others are required by VDOL to register for the program.

VDOL continues to communicate daily with AJLA and the other affected states since being notified of the data breach. “We have collectively pushed for AJLA to notify individuals who may have been compromised, as well as to offer credit monitoring, as it has been our top priority to inform and protect those impacted individuals. The vendor has agreed to both. We also continue to demand AJLA provide credit protection in addition to monitoring,” said Kurrle.

AJLA has assured VDOL that emails to any individual with a valid email address in the Joblink database will go out beginning on Friday, March 31,and will continue through the following week. The email notification will outline the details of the breach as well as provide a point of contact. VDOL recommends that anyone who has used Vermont Joblink over the last 14 years, monitor for this email and call AJLA’s toll free helpline at 844-469-3939, if no email is received by the end of next week.

The Department has reviewed the contract with the vendor to determine terms. The vendor has been used by the State since 2003, and was last renewed in July 2016. The contract was established at that time. The vendor continued to be paid throughout 2016, but the contract was not executed until February 6, 2017, by Commissioner Kurrle.

The contract, which is called an Intergovernmental Agreement, is between the Vermont Department of Labor and the Kansas Department of Commerce – AJLA-TS. AJLA-TS is a part of the Kansas Department of Commerce, and contracts with States to provide the JobLink software. The term is July 1, 2016 to June 30, 2017. The Governor has directed VDOL to issue an RFP and put the contract out for bid.

AJLA’s Joblink system is a standalone system and is not linked to any other State of Vermont system. JobLink is a database that is used by the Vermont Department of Labor, and nine other states, to help job seekers perform job searches and create and post resumes. When a person files for Unemployment Benefits, VDOL requires them to sign up in Vermont’s Joblink as well as to perform regular job searches unless they have a return to work date inside 10 weeks.

Source: Montpelier, Vt. –  VDOL 3.29.2017

Article source: http://www.vermontbiz.com/news/march/vdol-updates-joblink-data-breach

,

No Comments

New Mexico soon to have data breach statute – SC Magazine

If the governor signs the bill, New Mexico would become the 48th state with a breach notification law.

New Mexico is a gubernatorial signature away from becoming the nation’s 48th state to pass a data breach notification law, according to a post on the website of global law firm Morgan Lewis.

The legislation passed unopposed through the state’s House on Feb. 15 and Senate on March 15 and now awaits Governor Susana Martinez to sign it into law. She has until April 7, otherwise it will be pocket vetoed.

If she signs the bill, New Mexico would become the 48th state – along with four U.S. jurisdictions: the District of Columbia, Guam, Puerto Rico, and the Virgin Islands – to adopt some form of data breach notification law, requiring that an entity notify residents should there be an unauthorized access to their systems or a compromise of personally identifiable information.

The various state laws, while similar in intent, are each unique, “creating a complicated and oftentimes contradictory system,” the Morgan Lewis report stated. Though there have been several attempts in Congress at an overarching federal law, each has been stopped in committee, so companies with business in multiple states must contend with complying with all of the jurisdictions.

Alabama and South Dakota still do not have any similar legislation in place.

Article source: https://www.scmagazine.com/new-mexico-soon-to-have-data-breach-statute/article/647277/

,

No Comments

Call center open for JobLink users impacted by data breach – News …

A call center has been set up to provide assistance to impacted users of Delaware Job Link whose personal information may have been part of a data breach of the American JobLink Alliance website.

Any past user of the website can access the call center by dialing 844-469-3939 from 9 a.m. to 9 p.m. Mondays through Fridays.

The America’s JobLink web-based system that links job seekers with employers in Delaware and nine other states was hacked by a malicious third party between March 13-14.

Nearly 253,420 users dating back to 2007 may be impacted, including 200,201 of these users whose names, dates of birth and Social Security numbers were potentially breached.

DOL staff immediately notified the public and launched its response plan to help impacted users. As part of its response, AJL hired an independent forensic firm and brought in the FBI to investigate the breach, which was discovered three weeks after a hacker created a job seeker account in an AJL system.

The hacker then exploited a vulnerability in the application code to gain unauthorized access to certain information of other job seekers. This vulnerability has since been eliminated. This is the first such data breach in the 50-year history of AJL.

Delaware has contractual agreements with AJL that the state demanded to protect and secure sensitive public information. Specifically, there are contractual conditions to which AJL was required to agree and adhere as the vendor and host of the JobLink site. One of those conditions is, in the event of a breach, AJL agrees to provide three-year free credit monitoring, call center and communications about the breach.

Individuals may request a fraud alert and or a credit freeze on their file. They may also contact the IRS Identity Protection Specialized Unit at 800-908-4490.

For information, contact the Delaware Division of Revenue at 800-292-7826 or 856-5358 or visit revenue.delaware.gov..

Article source: http://www.middletowntranscript.com/news/20170329/call-center-open-for-joblink-users-impacted-by-data-breach

,

No Comments

1.4M affected in data breach at Illinois employment department … – Chicago Sun

A hacker gained access last month to about 1.4 million job seekers’ personal information on file with the Illinois Department of Employment Security’s online job board, including their names, Social Security numbers and birth dates.

The data breach happened because of a “vulnerability” in the application code of America’s Job Link Alliance, the software vendor that runs IllinoisJobLink.com, according to a statement from IDES.

“The vulnerability was not the result of any deficiency in software maintained by the State of Illinois and may have impacted ten states,” the statement said.

As of Wednesday afternoon, there was no indication that anyone’s information had been “misused,” officials said. America’s Job Link Alliance is offering a year’s worth of free credit monitoring for the affected job seekers.

The breach affects users who created accounts before March 14. The company says the website is now safe to use.

The hacker created an America’s Job Link account on Feb. 20 and exploited the system to view other accounts, according to AJLA, which said it didn’t figure out there had been a breach until March 12. The problem was fixed by March 14.

The company confirmed on March 22 that the hacker had gotten ahold of users’ data and then notified the Illinois Department of Employment Security, which began sending notices to the 1.4 million affected job seekers via email or letter.

“At present, AJLA has no reason to believe that anyone other than the individual hacker exploited the vulnerability,” the company said.

The FBI is investigating the source of the hack.

Article source: http://chicago.suntimes.com/politics/1-4m-affected-in-data-breach-at-illinois-employment-department/

,

No Comments

Montana credit union files class action lawsuit against Arby’s over …

Whenever Dillon Kato posts new content, you’ll get an email delivered to your inbox with a link.

Email notifications are only sent once a day, and only if there are new matching items.

Article source: http://missoulian.com/news/local/montana-credit-union-files-class-action-lawsuit-against-arby-s/article_802b10e3-dcf4-5104-8ce2-c662f940a1b8.html

,

No Comments

American Express, Mastercard, Visa fine Rosen Hotels in data breach, lawsuit says

A data breach at Rosen Hotels Resorts last year threatens to cost the company more than $2.4 million, according to Rosen’s insurance company.

Visa and Mastercard have slapped Rosen with $1 million fees. Its insurance company, St. Paul Fire Marine, is refusing to cover the damages, saying Rosen didn’t buy the right policy. And the costs could continue to grow if Rosen faces additional legal claims from customers, according to the lawsuit.

The lawsuit also underscores the fact that commercial liability insurance often doesn’t cover a company for a data breach.

Rosen warned its customers in March 2016 that its payment data “may have been” breached by malware programs that started about 18 months earlier.

According to the new lawsuit, Rosen has since been hit with a pair of $1 million fines from Visa and Mastercard; a $128,830 fine from American Express; $50,000 in attorneys’ fees; $40,000 in costs to send notifications to clients; $15,000 in fees to a crisis-management firm; and a bill for $150,000 to a data-forensics team that identified the breach.

A report sponsored by IBM last year said that the average total cost of a data breach, worldwide, is about $4 million.

The insurance lawsuit was filed Monday in Orlando federal court against Rosen’s sister company Rosen Millennium Technology Group. Attempts to reach Rosen’s spokeswoman about additional questions were not successful. The technology company includes hotel founder Harris Rosen as chairman and president, along with other Rosen Hotels executives.

The insurance company says Rosen had a commercial general liability policy that doesn’t cover the data breach incident, but the lawsuit gives no further reason for St. Paul’s decision.

Rosen Centre on International Drive.

In a news release announcing the breach, Rosen said it had been informed of a “pattern of unauthorized charges occurring on payment cards after they had been used by some of our guests during their stay,” and that “an unauthorized person installed malware” on its payment-card network, which searched for data read from the magnetic strip of payment cards.

Weinberg said it’s possible that Rosen’s customer-payment data was stolen but wasn’t used for a period of time.

Since 2015, the banking industry has recommended using cards with micro-chips instead of magnetic strips. As of October 2015, banks and payment companies have said they will hold merchants liable for stolen data from magnetic-strip cards.

Last year, Rosen said it had implemented “enhanced security measures” to help prevent data theft. It had also set up a dedicated hotline for a period time for customers with questions about the breach.

Got a news tip? [email protected] or 407-420-5660; Twitter, @PaulBrinkmann


Darden buys value-oriented Cheddar's Scratch Kitchen chain

Caption Darden buys value-oriented Cheddar’s Scratch Kitchen chain

Orlando’s Darden Restaurants purchased discount casual dining restaurant Cheddar’s Scratch Kitchen chain for $780 million Monday.

Orlando’s Darden Restaurants purchased discount casual dining restaurant Cheddar’s Scratch Kitchen chain for $780 million Monday.

Lawsuit alleges Rosen Hotels  Resorts not covered for data breach fines

Caption Lawsuit alleges Rosen Hotels Resorts not covered for data breach fines

The lawsuit filed by St. Paul Fire Marine Insurance Company says Rosen has been slapped with $2.4 million in fines and costs related to a data breach — but the company is not covered for it.

The lawsuit filed by St. Paul Fire Marine Insurance Company says Rosen has been slapped with $2.4 million in fines and costs related to a data breach — but the company is not covered for it.

Car burglaries spike in tourist corridor

Caption Car burglaries spike in tourist corridor

Car break-ins soared 165 percent in Orange County’s tourist corridor last year.

Car break-ins soared 165 percent in Orange County’s tourist corridor last year.

Red Lobster expands globally

Caption Red Lobster expands globally

Red Lobster is focusing growth internationally after its purchase by Golden Gate Capital in 2014. 

Red Lobster is focusing growth internationally after its purchase by Golden Gate Capital in 2014. 

BRIDG at NeoCity to open in April

Caption BRIDG at NeoCity to open in April

The highly-anticipated high-tech research center near Kissimmee, now known as BRIDG, will have grand opening April 13.

The highly-anticipated high-tech research center near Kissimmee, now known as BRIDG, will have grand opening April 13.

Article source: http://www.orlandosentinel.com/business/brinkmann-on-business/os-rosen-hotels-data-breach-20170329-story.html

,

No Comments

Montana credit union files class action lawsuit against Arby’s over data breach

Whenever Dillon Kato posts new content, you’ll get an email delivered to your inbox with a link.

Email notifications are only sent once a day, and only if there are new matching items.

Article source: http://missoulian.com/news/local/montana-credit-union-files-class-action-lawsuit-against-arby-s/article_802b10e3-dcf4-5104-8ce2-c662f940a1b8.html

,

No Comments

VDOL updates Joblink data breach

Vermont Business Magazine Officials from the Vermont Department of Labor (VDOL) are continuing to keep the public informed on their ongoing review of a data breach on the standalone, web-based database, America’s Joblink Alliance (AJLA), since learning of the breach on March 15. AJLA informed ten states, including Vermont, that a system modification implemented in October 2016 created a vulnerability in the system. As previously reported, AJLA had become aware of the attack on, or around, March 12 and corrected the vulnerability before notifying the states impacted by the breach. AJLA immediately hired RSA Security, LLC, an independent security specialist, to investigate the breach. Both RSA and AJLA have provided assurance to the 10 states impacted by the breach that the vulnerability has been fixed.

The breach compromised as many as 182,000 accounts in Vermont and 4.8 million accounts across 10 states. The breach potentially exposed personal information, including name, date of birth and social security number. For Vermont, these are accounts entered into Vermont Joblink over a 14-year period. Some users voluntarily register, and others are required by VDOL to register for the program.

VDOL continues to communicate daily with AJLA and the other affected states since being notified of the data breach. “We have collectively pushed for AJLA to notify individuals who may have been compromised, as well as to offer credit monitoring, as it has been our top priority to inform and protect those impacted individuals. The vendor has agreed to both. We also continue to demand AJLA provide credit protection in addition to monitoring,” said Kurrle.

AJLA has assured VDOL that emails to any individual with a valid email address in the Joblink database will go out beginning on Friday, March 31,and will continue through the following week. The email notification will outline the details of the breach as well as provide a point of contact. VDOL recommends that anyone who has used Vermont Joblink over the last 14 years, monitor for this email and call AJLA’s toll free helpline at 844-469-3939, if no email is received by the end of next week.

The Department has reviewed the contract with the vendor to determine terms. The vendor has been used by the State since 2003, and was last renewed in July 2016. The contract was established at that time. The vendor continued to be paid throughout 2016, but the contract was not executed until February 6, 2017, by Commissioner Kurrle.

The contract, which is called an Intergovernmental Agreement, is between the Vermont Department of Labor and the Kansas Department of Commerce – AJLA-TS. AJLA-TS is a part of the Kansas Department of Commerce, and contracts with States to provide the JobLink software. The term is July 1, 2016 to June 30, 2017. The Governor has directed VDOL to issue an RFP and put the contract out for bid.

AJLA’s Joblink system is a standalone system and is not linked to any other State of Vermont system. JobLink is a database that is used by the Vermont Department of Labor, and nine other states, to help job seekers perform job searches and create and post resumes. When a person files for Unemployment Benefits, VDOL requires them to sign up in Vermont’s Joblink as well as to perform regular job searches unless they have a return to work date inside 10 weeks.

Source: Montpelier, Vt. –  VDOL 3.29.2017

Article source: http://www.vermontbiz.com/news/march/vdol-updates-joblink-data-breach

,

No Comments

New Mexico soon to have data breach statute

If the governor signs the bill, New Mexico would become the 48th state with a breach notification law.

New Mexico is a gubernatorial signature away from becoming the nation’s 48th state to pass a data breach notification law, according to a post on the website of global law firm Morgan Lewis.

The legislation passed unopposed through the state’s House on Feb. 15 and Senate on March 15 and now awaits Governor Susana Martinez to sign it into law. She has until April 7, otherwise it will be pocket vetoed.

If she signs the bill, New Mexico would become the 48th state – along with four U.S. jurisdictions: the District of Columbia, Guam, Puerto Rico, and the Virgin Islands – to adopt some form of data breach notification law, requiring that an entity notify residents should there be an unauthorized access to their systems or a compromise of personally identifiable information.

The various state laws, while similar in intent, are each unique, “creating a complicated and oftentimes contradictory system,” the Morgan Lewis report stated. Though there have been several attempts in Congress at an overarching federal law, each has been stopped in committee, so companies with business in multiple states must contend with complying with all of the jurisdictions.

Alabama and South Dakota still do not have any similar legislation in place.

Article source: https://www.scmagazine.com/new-mexico-soon-to-have-data-breach-statute/article/647277/

,

No Comments

1.4M affected in data breach at Illinois employment department – Chicago Sun

A hacker gained access last month to about 1.4 million job seekers’ personal information on file with the Illinois Department of Employment Security’s online job board, including their names, Social Security numbers and birth dates.

The data breach happened because of a “vulnerability” in the application code of America’s Job Link Alliance, the software vendor that runs IllinoisJobLink.com, according to a statement from IDES.

“The vulnerability was not the result of any deficiency in software maintained by the State of Illinois and may have impacted ten states,” the statement said.

As of Wednesday afternoon, there was no indication that anyone’s information had been “misused,” officials said. America’s Job Link Alliance is offering a year’s worth of free credit monitoring for the affected job seekers.

The breach affects users who created accounts before March 14. The company says the website is now safe to use.

The hacker created an America’s Job Link account on Feb. 20 and exploited the system to view other accounts, according to AJLA, which said it didn’t figure out there had been a breach until March 12. The problem was fixed by March 14.

The company confirmed on March 22 that the hacker had gotten ahold of users’ data and then notified the Illinois Department of Employment Security, which began sending notices to the 1.4 million affected job seekers via email or letter.

“At present, AJLA has no reason to believe that anyone other than the individual hacker exploited the vulnerability,” the company said.

The FBI is investigating the source of the hack.

Article source: http://chicago.suntimes.com/politics/1-4m-affected-in-data-breach-at-illinois-employment-department/

,

No Comments