America's Job Link Alliance - OKJobMatch Notice
FAQ last updated on 3/24/2017
This incident page is presented in a FAQ (Frequently Asked Question) format. Please visit this page often as it will continue to be updated with any new information.
New! Q. Do you have questions or concerns about the security breach to the Oklahoma JobMatch system maintained by America’s Job Link Alliance (AJLA)?
A. AJLA has set up a toll-free number, 1-844-469-3939, that will be open from 8 am - 8 pm CDT Monday through Friday, starting Monday, March 27, 2017. Oklahoma JobMatch job seekers who may potentially be affected by the breach should contact AJLA as soon as the call center is open. Job seekers impacted by the security breach will be notified by AJLA early next week.
Q. What incident and when did it occur?
A. America’s Job Link Alliance (AJLA) OKJobMatch breach occurred on March 12, 2017.
Q. What Happened?
A. America’s JobLink (AJL), a multi-state web-based system that links job seekers with employers, has been the victim of a hacking incident from an outside source. AJLA–TS is developed and maintained by American’s Job Link Alliance–Technical Support (AJLA–TS). AJLA–TS has been in business for almost 50 years; this is the first known intrusion AJLA–TS has experienced.
On March 21st, AJLA–TS confirmed that a malicious third party “hacker” exploited a vulnerability in the AJL application code to view the names, Social Security Numbers, and dates of birth of job seekers in the AJL systems of up to ten states: Alabama, Arizona, Arkansas, Delaware, Idaho, Illinois, Kansas, Maine, Oklahoma, and Vermont. Upon discovery of this activity, AJLA–TS immediately intervened and deployed its technical team to assess and stop the incursion, disabling the hacker’s access to the AJL systems.
AJLA–TS is working diligently with law enforcement officials to identify and apprehend the perpetrator. An independent forensic firm is completing work to determine how many job seeker accounts may have been viewed and where those individuals are located. The firm has verified that the method of the hacker’s attack has been remediated and is no longer a threat to the AJLA–TS system.
AJLA–TS also develops and maintains ReportLink, a workforce program data management system, and CertLink, a Work Opportunity Tax Credit (WOTC) management system. The forensic firm has concluded that the code vulnerability did not affect those systems.
Q. Why did this vendor have this data?
A. You created a profile on okjobmatch.com while searching for employment or as required by Unemployment Insurance. AJLA, the vendor, has a contract with Oklahoma to host the system, including running the application and storing data.
Q. What information was included in the breach?
A. We believe that for the users affected, the information included name, and some or all of the following: date of birth, Social Security number, phone number and address.
Q. How do I know if my data was in the breach?
A. You will receive a letter notifying you of what information was compromised in the data breach.
Q, What should I do?
A. We recommend that you place a fraud alert on your credit file. A fraud alert tells creditors to contact you before they open any new accounts or change your existing accounts. Call any one of the three major credit bureaus. As soon as one credit bureau confirms your fraud alert, the others are notified to place fraud alerts.
Q. Where can I get more information?
A. Additional information about the data breach may be found here.
Q. What is Oklahoma doing about this?
A. OESC is working with the vendor, AJLA concerning the breach. AJLA has hired a forensic firm to identify the cause and scope of the breach. The FBI has been notified and is assisting AJLA to identify and apprehend the perpetrator. Job seeker accounts that may have been viewed are being identified and those individuals will be receiving a letter from AJLA notifying them specifically about the breach and their information. OESC is working closely with the Oklahoma Office of Management and Enterprise Services to monitor the situation. Any updates about the breach will be posted on this page.
Q. Will this security incident involving my OKJobMatch account cause problems with my Unemployment Insurance benefits?
A. No, the security incident involving the OKJobMatch site does not affect your Unemployment Insurance (UI) Benefits. UI claimants should continue to file their weekly claim or file their initial claim as usual. Information on how to file your UI claim can be found here.
Q. What can I do if I find that my information is being misused?
A. Act quickly. Notify local law enforcement. Contact one of the three credit bureaus to place a 90-day fraud alert on your credit report. That bureau will notify the other two bureaus to flag your file. A fraud alert flag tells creditors to follow additional procedures before opening new accounts in your name or changing existing accounts.