The Illinois Department of Employment Security (Ides) revealed on Friday (24 March) that one of its vendors was hacked, potentially compromising personal information of approximately 1.4 million job seekers in the state. Hackers may have potentially accessed the names, Social Security numbers and birthdates of job seekers on the vendor's database, the agency said.
It added that the data breach may have impacted ten states including Arizona, Alabama, Arkansas, Delaware, Idaho, Kansas, Maine, Oklahoma and Vermont. The agency notified the state's General Assembly about the hack.
Illinois authorities said the hack was not a result of any vulnerability in the state software.
According to the Ides, the vendor – America's Job Link Alliance - Technical Support – got to know of the data breach on 14 March. The agency said a malicious third party hacker exploited a vulnerability in the AJL application code.
"At present, AJLA has no reason to believe that anyone other than the individual hacker exploited the vulnerability," Ides said and added, it was not immediately clear whether the vulnerability actually resulted in any unauthorised access to residents' data before the AJLA notified them.
Officials said a technical team from the Illinois Department of Innovation and Technology is working with Ides, the vendor and a forensic firm to address the breach. The FBI has also been notified of the hack and is currently investigating.
The Ides is currently preparing notices to inform the affected job seekers about the breach.
"The threat of cybercrime is a clear and present danger to the citizens of Illinois and our administration will continue pressing forward with a comprehensive strategy," Eleni Demertzis, spokeswoman for Governor Rauner, said in a statement. "We implore Comptroller Mendoza to reevaluate her decision to hold up funding for this important project, which everyday puts the people of Illinois at risk."
Earlier this month, Democratic Comptroller Susana Mendoza suspended $27m in payments for the Enterprise Resource Planning Program, a technology modernisation project launched by Governor Rauner. Mendoza argued that resources should be allocated towards services such as universities, senior centres and hospice care rather than consulting firms.