Data Breach in the America JobLink System
Added on 2020-02-24
9 Pages2635 Words33 Views
|
|
|
Running head: INFORMATION SECURITY 1
Information Security
Name:
Institution Affiliation:
Information Security
Name:
Institution Affiliation:
INFORMATION SECURITY 2
Part A: America’s JobLink breach
What was the problem?
The America JobLink, which is a web based system which connect the job seekers and the
employers, they revealed that their system were breached by a hacker who exploited the
misconfiguration in the application code (Acuña, 2016). This attacker was able to gain an access
to the personal data of about 4.8 million job seekers, which included their full names, the date of
birth date as well as the social security numbers (Al-Bayaa, 2011). The Alabama Department of
Labor recently reported that the data breach in the America JobLink system. The America
JobLink is managed by the America JobLink Alliance, which is a Kansas City organization
which provides the online services to the multiple state employment offices across the country,
which include Alabama (Acuña, 2016). All the individuals who registered with the Alabama
State Employment, they may be at the risk of the identity theft.
How and why it occurred
On 12th March AJLA tech support team had received the errors in the systems which indicated
the suspicious activity of their system (Collier, 2017). The incident was reported to the law
enforcement, as well as the third party forensic team which helped to determine on the scope of
breach.
The investigators confirmed that the suspicious activity of the March 21, and the breach was
announced on the next day. The question which remains what happened on 12st March? On this
day the America JobLink (AJL) was the victim of the breach when the hackers exploited a flaw
in their application code and they were able to gain unauthorized access to the data of the job
seekers in the ten states in America (Easttom II, 2016). AJL has a multi-state system that links
Part A: America’s JobLink breach
What was the problem?
The America JobLink, which is a web based system which connect the job seekers and the
employers, they revealed that their system were breached by a hacker who exploited the
misconfiguration in the application code (Acuña, 2016). This attacker was able to gain an access
to the personal data of about 4.8 million job seekers, which included their full names, the date of
birth date as well as the social security numbers (Al-Bayaa, 2011). The Alabama Department of
Labor recently reported that the data breach in the America JobLink system. The America
JobLink is managed by the America JobLink Alliance, which is a Kansas City organization
which provides the online services to the multiple state employment offices across the country,
which include Alabama (Acuña, 2016). All the individuals who registered with the Alabama
State Employment, they may be at the risk of the identity theft.
How and why it occurred
On 12th March AJLA tech support team had received the errors in the systems which indicated
the suspicious activity of their system (Collier, 2017). The incident was reported to the law
enforcement, as well as the third party forensic team which helped to determine on the scope of
breach.
The investigators confirmed that the suspicious activity of the March 21, and the breach was
announced on the next day. The question which remains what happened on 12st March? On this
day the America JobLink (AJL) was the victim of the breach when the hackers exploited a flaw
in their application code and they were able to gain unauthorized access to the data of the job
seekers in the ten states in America (Easttom II, 2016). AJL has a multi-state system that links
INFORMATION SECURITY 3
the job seekers with the employers. On this day the attackers were able to gain the entry in the
system and accessed the names, birthdates as well as the social security number of the applicants
from Alabama, Delaware, Arizona, Kansas, Illinois, Maine, Vermont and Oklahoma (Goodrich
& Tamassia, 2013). In the breach there was a code configuration which was introduced into the
system through the update.
The organization national reach made this breach very serious as a result of the hackers
accessing the user’s data from the ten different states (Goodrich & Tamassia, 2013). According
to the states targeted Illinois was the most affected with an approximate of one million four
hundred users with the state who were compromised on their data. The severity of the breach
was also impacted by the kind of data that was breach, such that the social security number being
the most crucial and available information from the hackers perspectives. Additionally, it is
important to note no matter how many records that were affected the information which is
exposed indicates that the victims could face very serious issues especially down the road such
as fraud or perhaps the identity theft (Siponen, Mahmood & Pahnila, 2014). The hackers
breached on this system because they wanted the information of the client such as the social
security number and be able to steal their funds.
What are the possible solutions?
As a society individuals have reached to the point in which every organization have been
entrusted with the personal information of the client. The organization needs to constantly test
and harden on both their internal and the external defenses. One of the possible solution to this
attack would be to remove ones data from the AJLA systems. To accomplish this, AJLA had
instructed individuals to contact their local AJLA office for further assistance. The local office
would then check individual accounts and determine if there data was compromised in the attack.
the job seekers with the employers. On this day the attackers were able to gain the entry in the
system and accessed the names, birthdates as well as the social security number of the applicants
from Alabama, Delaware, Arizona, Kansas, Illinois, Maine, Vermont and Oklahoma (Goodrich
& Tamassia, 2013). In the breach there was a code configuration which was introduced into the
system through the update.
The organization national reach made this breach very serious as a result of the hackers
accessing the user’s data from the ten different states (Goodrich & Tamassia, 2013). According
to the states targeted Illinois was the most affected with an approximate of one million four
hundred users with the state who were compromised on their data. The severity of the breach
was also impacted by the kind of data that was breach, such that the social security number being
the most crucial and available information from the hackers perspectives. Additionally, it is
important to note no matter how many records that were affected the information which is
exposed indicates that the victims could face very serious issues especially down the road such
as fraud or perhaps the identity theft (Siponen, Mahmood & Pahnila, 2014). The hackers
breached on this system because they wanted the information of the client such as the social
security number and be able to steal their funds.
What are the possible solutions?
As a society individuals have reached to the point in which every organization have been
entrusted with the personal information of the client. The organization needs to constantly test
and harden on both their internal and the external defenses. One of the possible solution to this
attack would be to remove ones data from the AJLA systems. To accomplish this, AJLA had
instructed individuals to contact their local AJLA office for further assistance. The local office
would then check individual accounts and determine if there data was compromised in the attack.
End of preview
Want to access all the pages? Upload your documents or become a member.
Related Documents
Information Security : Reportlg...
|6
|1099
|169
Malware Attack on Chipotlelg...
|4
|710
|384