Skip to main content

Millions of social security numbers accessed in Kansas agency data breach

researchers use ambient light sensor data to steal browser exhausted man computer problems desk hacking hackers malware frust
In today’s always-connected world, it’s impossible to do much business without entering your personal information in one computer system or another. That means that private data, often including social security numbers, is only safe as long as all of those systems remain secure — and even state government systems aren’t always safe. If you’ve been looking for a job via a Kansas Department of Commerce employment service, then you’re suddenly well aware of how it feels to see hackers steal your private data when there’s nothing you can do about it.

The news comes via KCUR, which as a member of the Kansas News Service requested and received information on a recent hack of a system operated by America’s Job Link Alliance-TS (AJLA-TS), a division of the Kansas Department of Commerce. The service allows people to post résumés and conduct job searches at sites like, and it also manages data for a total of 16 states including Kansas.

A total of almost 6.5 million records were hacked, and of those, 5.5 million from 10 states included social security numbers (SSNs), one of the most sensitive data types to which a hacker can gain access. According to the records obtained by the Kansas News Service, about half a million of the hacked accounts with SSNs were held by individuals located in Kansas.

The following states were affected:

  • Arkansas: 597,734 SSNs
  • Arizona: 896,370 SSNs
  • Delaware: 236,134 SSNs
  • Idaho: 170,517 SSNs
  • Kansas: 563,568 SSNs
  • Maine: 283,449 SSNs
  • Oklahoma: 430,679 SSNs
  • Vermont: 183,153 SSNs
  • Alabama: 1,393,109 SSNs
  • Illinois: 807,450 SSNs

The breach was first suspected on March 12, 2017 and then verified on March 14. The FBI was notified of the breach on March 15, and since then AJLA-TS has been soliciting assistance from a variety of third-party IT forensic analysis companies. The good news is that the exploit used by the hackers to gain access to the accounts has been identified and fixed and the affected accounts precisely identified.

The state of Kansas is now paying three firms at least $235,000 for various services through the end of 2017. The costs of the breach will also rise significantly as the state will also pay for a year of credit monitoring for most of the victims, specifically those located in nine of the 10 states with victims affected by the breach. Victims in Delaware will receive three years of credit monitoring service due to contractual obligations.

So far, the Kansas Department of Commerce has sent 260,000 emails informing victims of the breach, but many hundreds of thousands have not yet been notified due to a lack of email addresses. Because Kansas law does not stipulate regular mail or telephone notification, it’s unclear if other victims will be notified. If you fear that your data might have been compromised, then you can contact a call center established for victims at 844-469-3939.

Editors' Recommendations

Mark Coppock
Mark has been a geek since MS-DOS gave way to Windows and the PalmPilot was a thing. He’s translated his love for…
OnePlus customer data stolen in second data breach in two years
oneplus 7t macro lens iphone 11 lacks cameras

Phone company OnePlus has suffered another data breach, with an undisclosed number of customer names, contact numbers, email addresses, and shipping addresses stolen by an unnamed hacker or group.

This comes less than two years after up to 40,000 customers' private information was stolen from OnePlus, leading to credit card fraud using customers' details. In this case, the breach only came to light when the issue of credit card fraud was raised by a user on the OnePlus forums. An investigation subsequently discovered a malicious script had been gobbling up customer credit card details when they were entered into the OnePlus website.

Read more
Marriott faces $123M fine for huge data breach that targeted millions of guests
marriott android app credit card info open

Marriott International is facing a fine of 99 million British pounds (about $123 million) for a data breach discovered in 2018 that affected around 339 million of its Starwood guests.

The hefty financial penalty has been proposed by the United Kingdom’s Information Commissioner’s Office (ICO) and comes a day after the same body hit British Airways with a record $230 million fine for a data breach suffered by the carrier last year.

Read more
British Airways hit with a massive fine for 2018 data breach
british airways cabin crew given ipads

A data breach in 2018 that saw hackers steal personal data belonging to hundreds of thousands of British Airways customers has cost the company nearly 184 million British pounds (about $230 million), making it the biggest fine ever imposed for an incident of this kind.

The U.K.’s Information Commissioner’s Office (ICO) said it handed down the fine for breaches of data protection law that it said resulted from “poor security arrangements” at the company.

Read more