Vermont Department of Labor details data security breach at third party Vendor

America’s Joblink Alliance – a provider of the nationwide web-based database Joblink, which is used by the State of Vermont – has notified the State that the job seeker functionality of its website was compromised by a malicious software.

The Joblink system, which is also used by nine other states, is a standalone system and is not linked to any other State of Vermont systems. Initial details indicate this was a systematic breach designed to extract data from Joblink, and it is unknown whether the software was deliberately inserted or the result of an unintentional introduction by a jobseeker with an infected computer.

The system has been fixed and secured by America’s Joblink Alliance, which is currently evaluating the scope of the breach using a third-party vendor, RSA, to perform forensic analysis, and working with the Federal Bureau of Investigation.

Read more on VermontBiz.  So far, I haven’t seen any Joblink notification on any attorney general sites.

Update: More reports are now starting to emerge, with some news stories reporting that hundreds of thousands in particular states may be affected. All told, this breach may impact a few million people, but we’ll have to wait for more definitive reporting.