Archive for Friday, July 21, 2017

Kansas data breach gives hackers access to millions of Social Security numbers

Kansas Department of Commerce logo

Kansas Department of Commerce logo

July 21, 2017, 11:36 a.m. Updated July 21, 2017, 12:42 p.m.


— Hackers who breached a Kansas Department of Commerce data system in March had access to more than 5.5 million Social Security numbers in 10 states, along with another 805,000 accounts that didn't include the Social Security numbers, according to records obtained from the agency.

The department will be required to pay for credit monitoring for most of the victims of the hacking, according to records obtained through an open records request by the Kansas News Service.

Besides Kansas, the other states affected by the hack are Arkansas, Arizona, Delaware, Idaho, Maine, Oklahoma, Vermont, Alabama and Illinois.

The suspicious activity was discovered March 12 by America's Job Link Alliance-TS, the commerce department division that operates the system. It was isolated March 14 and the FBI was contacted the next day, according to testimony from agency officials to the Legislature this spring. The Kansas News Service filed its open records request May 24 and the commerce department fulfilled the request Wednesday.

A commerce department representative didn't immediately return a call Friday from The Associated Press seeking comment.

The data is from websites that help people find jobs, such as, where people can post resumes and search job openings. At the time of the hack, Kansas was managing data for 16 states but not all the states were affected.

After the hack, AJLA-TS officials called in a third-party IT company specializing in forensic analysis to verify the coding error the hackers exploited was fixed and to identify victims.

The documents show the commerce department also contracted with private companies to help victims, provide IT support and to provide legal services. The state is paying $175,000 to the law firm and $60,000 to the IT firm. The commerce department didn't provide the cost of the third contract.

Earlier testimony to lawmakers indicated a fourth company, Texas-based Denim Group, was contracted in April to review code and provide advice for improvements, which has since been implemented. The agency didn't provide documents related to that contract.

Kansas will pay for up to a year of credit monitoring services for victims in nine of the affected states. Delaware residents are eligible for three years of services because of contractual obligations to that state.

The agency said in May this was the first known breach of AJLA-TS' databases and the contractor's response exceeded requirements in Kansas law. However, the commerce department said it had sent about 260,000 emails to victims but couldn't contact all victims because it didn't have their email addresses. Kansas law does not require notification to the victims via post or telephone, the department said.

The call center for victims, which can be reached at (844) 469-3939, will remain open through the end of July.


Bill McGovern 7 months ago

Great now somebody will steal my identity :(

Larry Sturm 7 months ago


Michael Kort 7 months ago

Did they hack their way in or pay an insider for access ?

Steve Jacob 7 months ago

I don't want to say it, but could this hack be a pro Trump group looking for illegals?

Charles L. Bloss, Jr. 7 months ago

How does one determine if they are a victim of this hack?

Thomas Bryce Jr. 7 months ago

" Kansas law does not require notification to the victims via post or telephone, the department said." How does a Kansas Citizen find out if their Personal information is at risk then?

Michael Kort 7 months ago

Ouija Board..............that's how state policy to protect your information is done .

Seriously, you might find out if you run for election and somebody doesn't like you .

It will be one extended drip, drip, drip as it was with Hillary to keep the news cycles tuned in on whatever they can misrepresent .

That was the fault of the last FBI director.........they played him like a fiddle with just enough info. to keep the email leak FBI stories going.........and he unwittingly helped them by being honest, above board and airing their story day after day .

Richard Heckler 7 months ago

Our governor, Lt Governor , Sec of State and associates are to blame. These guys are too busy running about the country attending closed door ALEC conferences seeking campaign dollars.

Commenting has been disabled for this item.