Kansas state job agency suffers data breach compromising social security numbers

The Kansas Department of Commerce’s employment service has reportedly been hacked with almost a total of 6.5 million records stolen.

The agency’s job-seeking division Job Link Alliance-TS was breached and its databases were illegally accessed. As the organisation’s nature is to help people find and apply for jobs, they hold a wealth of information including individuals’ personal contact information, résumés (CVs) and social security numbers. In the U.S, the social security number is one of the most sensitive types of information that can be stolen. With a social security number, criminals can steal a person’s identity.

Starring Jason Bateman and Melissa McCarthy, the comedy movie “Identity Thief” sees a man track down the criminal who steals his identity. Unfortunately, in real life, identity thieves are not so easily found and caught. The light hearted movie makes a joke of the victim’s stolen identity with the thief spending his money frivolously on makeovers and clothes. Real victims of identity theft often don’t find out until they’re placed in significant debt and any trace of the thief is gone.

The numbers of the breach

Victims may lose a lot; their money, possessions, licences – anything that makes them who they are in the eyes of the state, stolen by another. Of the 6.5 million records compromised, 5.5 million included social security numbers, and citizens from nine other states are also said to be affected in this huge data breach.

States and the number of social security numbers compromised was reported as follows:

• Arkansas: 597,734
• Arizona: 896,370
• Delaware: 236,134
• Idaho: 170,517
• Kansas: 563,568
• Maine: 283,449
• Oklahoma: 430,679
• Vermont: 183,153
• Alabama: 1,393,109
• Illinois: 807,450

The FBI has been notified of the breach. Investigations have identified how the hackers managed to get into the system and which exact accounts were affected by the hacking.

An expensive breach

The atrocious data breach is likely going to cost Kansas a fair amount of money. The state has already paid three IT forensic analysis firms around $235,000 (£180,000) for various services surrounding the breach. The sum doesn’t include the cost of providing the victims with a year’s subscription to credit monitoring services, which is often a standard for this type of breach.

For victims in Delaware, contractual obligations mean that the state will have to triple the period of credit monitoring services.