430,000 Oklahoman’s Personal Information Affected in Data Breach

Media Division | March 23, 2017

Hackers continue to make the news as they compromise and breach a number of different systems and networks.  One thing that hackers tend to target quite frequently is personal information contained within systems and databases, as they can use it for a number of malicious purposes, including identity theft or fraud.  Such is the case in a recent hacking, in which the personal information of over 430,000 individuals in Oklahoma was affected according to officials.

What Was Affected in the Breach?

Hackers were able to access the names, birthdays, and social security numbers of users of OKJobMatch.com, which is used to connect employers and individuals searching for a job.  The information was stored on a database and web application hosted by a third party vendor called American Job Link Alliance (AJLA), a Kansas-based company.  The organization’s systems are also used by several other states to coordinate workforce development systems and federal unemployment.  According to the Oklahoma Office of Management and Enterprise Services (OMES), both the Oklahoma Employment Security Commission (OESC) and the Office of Workforce Development use the website, but it is not linked to any other state systems.  A spokeswoman from Gov. Mary Fallin’s office said, “If you’ve accessed the site, then you’re probably vulnerable.”

The Next Steps

It is reported that users from nine other states have also been affected, those states being: Alabama, Arizona, Arkansas, Delaware, Idaho, Illinois, Kansas, Maine, and Vermont.  Users in Oklahoma will be alerted next week as to whether their account information was affected, and AJLA has said that they will be setting up a call center to answer any questions.  OESC Executive Director Richard McPherson had said, “We appreciate the help OMES has provided in coordinating with other states and contributing the technical expertise to manage this issue. The privacy and protection of Oklahomans is of chief importance and we will be vigilant in ensuring that AJLA is taking responsibility for this breach and providing appropriate assistance and remedies to our citizens.”

According to a statement from OMES, the system has now been repaired and secured.  A separate third party vendor had performed a forensic analysis of the breach, and are working with the FBI.  There has been no information released as to the methods or identity of the hacker.  Often times, when under investigation like this, details will not be released until a conviction or charges are filed.

Protecting Networks and Databases with Cyber Security Monitoring

There are a wide range of vectors that cyber attackers can exploit, which is why it is critical that an organization have a constant awareness of the status of their network and systems.  This is where cyber security monitoring is an invaluable implementation.  It allows IT staff or a dedicated analyst to have consistent updates in regard to their systems, as well as notification of any patterns or anomalies in real time.  Awareness like this allows network professionals to be able to investigate these indicators immediately.  They are then able to address them if it turns out to be a malicious threat or attempted breach.  One of the largest issues with cyber attacks is that they are often not discovered for some time, which allows them to wreak havoc for an extended period.  But with cyber security monitoring, threats and attackers can be identified, mitigated, or prevented as soon as they show up.  Massive Alliance’s cyber security monitoring services can provide a much-needed line of defense for an organization.

Massive's Media Division publishes timely news and insights based on current events, trends, and actionable cross-industry expertise.