Data Breach at WorkForce West Virginia

Written by

Personal information belonging to job seekers residing in the Mountain State may have been exposed during a security incident at WorkForce West Virginia.

The breach was confirmed yesterday by West Virginia governor Jim Justice, who addressed the incident during a press conference held earlier today. 

WorkForce has begun sending notification letters to individuals whose personal data was compromised. The letters state that WorkForce learned on April 13 that an unauthorized individual had accessed a job-seekers database.

The unknown cyber-criminal may have gained access to the database via the Mid-Atlantic Career Consortium Employment Services database, or MACC website. West Virginians use the MACC to register for job services before applying for unemployment benefits.

“Upon discovery, immediate steps were taken to secure the network, and WorkForce immediately began an investigation,” states the letter.

“An experienced computer forensic firm was hired to help determine what happened and what information may have been accessed,” it continues.

MACC remained offline for 45 days while investigators probed the incident. In May, they concluded that job seekers' personal information could have been exposed. 

Data compromised in the incident may have included names, addresses, phone numbers, dates of birth and Social Security numbers.

“The security incident was investigated,” said WorkForce. “The risk was assessed, and the agency engaged a professional third-party forensic firm to manage ongoing risk mitigation.”

While sensitive data may have been accessed, WorkForce said that no files were downloaded, exfiltrated or altered. The agency has made improvements to its cybersecurity that include switching to a different software in the hope of preventing any similar incidents from occurring. 

“Mitigating any potential risk for constituents continues to be our top priority,” said WorkForce West Virginia commissioner Scott Adkins.

“Constituents should follow the guidance provided in the letter they received from WorkForce if they have any questions.”

The agency is offering those impacted by the data breach a year's worth of credit report monitoring and $1m in fraud loss reimbursement, fraud consultation and identity theft restoration.

WorkForce did not state how many West Virginians may have been impacted by the incident.

What’s hot on Infosecurity Magazine?