America’s JobLink (AJL), a Kansas-based system that works with state governments to provide job seekers with information, recently experienced a cyber-attack that revealed the information of job seekers in its database. The breach exposed the names, Social Security Numbers, and birthdates of users. According to the investigation, the breach first occurred in February and users who created JobLink accounts before March 14th could be affected. Ten states were affected by this data breach, and 4.8 million user accounts throughout the nation were compromised.
According to an independent forensic firm that was hired by AJL to look into the data breach, the cyber attackers were able to exploit a vulnerability to access this confidential information. The attacker created a fake account on one of the JobLink portals and then accessed information about other users. The cyber attack is under a criminal investigation by the FBI. In addition, the Department of Labor has launched investigations in each state and published information about the security incident on its official website.
The Department of Labor has advised job seekers who have had their information compromised in this breach to place a fraud alert on their credit reports. JobLink users should also review their bank and credit card statements regularly to uncover any suspicious or inconsistent activity.
As hackers continue to target databases like JobLink for sensitive information, organizations should consider implementing consistent security practices to keep user information secure from breaches. Below are five security tips that organizations can use to safeguard user data:
- Conduct Vulnerability Audits: Regular vulnerability audits are important for organizations because they uncover gaps in security. By uncovering security gaps before they have a chance to be exploited, organizations can prevent hackers from compromising confidential user data.
- Conduct an IT Applications Audit: Another audit organizations can conduct is an audit of IT applications. Through an IT applications audit, organizations can uncover unauthorized software and apps running on the network. This unauthorized software could have a vulnerability that a hacker could exploit. By getting rid of unauthorized software, organizations can reduce the number of potential vulnerabilities.
- Monitor Networks: Organizations should monitor their networks for suspicious activity and unauthorized users. In particular, organizations with BYOD policies should be wary of endpoint threats to their networks. Through continuous and consistent monitoring, organizations can uncover malicious threats before they get a chance to deploy and compromise data.
- Encrypt Data: Consumers now expect most, if not all, organizations to encrypt sensitive data. Data encryption provides an extra layer of security against hackers and nefarious users. By adding this extra security step, organizations can make it more difficult for hackers to gain access to sensitive information.
- Limit Data Access: Organizations should limit the amount of data that employees and users are allowed to access. Not all employees should be allowed to access confidential data, especially without proper training. By limiting the amount of data certain employees can access, companies can in turn limit the amount of damage a data breach causes.
Job seekers are regularly expected to enter personal information into company and state databases, and they should be able to count on that information remaining secure. In today’s cybercrime environment, organizations should regularly conduct audits, continuously monitor networks, and enable additional layers of data protection to keep their users’ information secure from malicious actors.
Copyright 2010 Respective Author at Infosec Island Source: www.infosecisland.com