The Kansas Department of Commerce says the up to 580,000 Kansans have potentially been affected after the state's job-finding website "KansasWorks" was hacked last month. The total number of Kansans potentially affected equals more than one in six people in the state.
If you have used the site, everything from your name, to your birthday, to your social security number could be compromised. The state has not received any reports of information being misused, but cyber-security experts say hackers often hold onto that data for a while before doing anything with it.
If you have ever used the KansasWorks website, you can call a credit reporting agency to see if someone is trying to open a new account under your name.
The credit reporting agencies and the numbers to reach them are: * Equifax: 888.766.0008
* Experian: 888.397.3742
* TransUnion: 800.680.7289
Names, birthdays, and social security numbers, all hacked. Thousands of Kansans are finding out this week that their personal information has been stolen.
A company that manages data for Kansas Works, the state's job finding website, was hacked. That company is America's JobLink Alliance.
The company manages data job finding services for 10 states, and job seekers in all these states are affected. (Alabama, Arkansas, Arizona, Delaware, Idaho, Illinois, Kansas, Maine, Oklahoma, and Vermont.)
On Thursday, John Gillihan of Newton got the email that told him what happened.
"I was pretty mad when I first read it," Gillihan said. The email came from Kansas Works and says," We are writing to inform you that your account has been identified as one that was affected by this incident, exposing your personally identifiable information... to an unauthorized user." "My name, age, social security, birthdate, everything. They took it all," Gillihan said.
America's JobLink is a Topeka-based company. Representatives didn't respond to calls or emails, but a press release says on February 20th, a hacker made an account and exploited a weak point in their code.
More than three weeks later, the company noticed unusual activity and fixed the problem, on March 14th.
The number of people impacted across the country could be in the millions.
Murtuza Jadliwala is a cyber security expert and teaches computer science at Wichita State. He says the stolen data will get sold.
"What they typically do is take this data and take it to an underground internet or the dark internet and try to sell this data," he said.
Then others will buy that data, to try and steal your identity. It's something that could happen tomorrow, or in years. "It's nerve-wracking, because you never know," Gillihan said. "No matter where you go anymore, someone wants your information to use it against you. Then you've got years of heartache trying to get it straightened out," he said.
Gillihan is working now, but says he enrolled in KansasWorks after breaking his back and was required to sign up to receive unemployment.
"I'm just trying to get back on my feet from all that. I don't need my stuff being stolen. I don't want to wind up losing the credit I have now," he said.
Gillihan says this hack hits people who are already struggling hardest.
"They're there to help you find a job. So obviously you're already in a financial crunch. You'd think they'd secure that better," he said.
Experts like Jadliwala say the best thing to do now is report your social security number stolen with the IRS and freeze your credit, so you're notified anytime someone tries to open a card or take out a loan.
America's JobLink (AJL) says it's providing a year's worth of free identity theft protection with Equifax for victims, but Gillihan and other victims Eyewitness News spoke with say it's not enough. They say because attempts to steal their identities could happen in years, the protection should continue on for years.
AJL says working with the FBI to identify the hackers and if your account was compromised, you'll be notified before the end of next week.
Read the company's press release on what happened here: www.ajla.net/pressrelease.html