Virus found in database of job seekers, state says

Investigators are trying to determine whether personal information -- including Social Security numbers -- for an estimated 19,000 Arkansas job seekers was stolen after a virus was detected in a statewide database, a government spokesman said.

Arkansas Department Workforce Services spokesman Steve Guntharp said Thursday that it was not immediately clear whether the virus extracted personal information before it was detected.

Neither the source nor the source's intent is known, but the virus' specific purpose was to "gather information" rather than shut down or damage the system, Guntharp said.

Officials were relying on early information shared by America's Job Link Alliance of Topeka, Kan., the contractor that administers the affected online database Arkansas JobLink, Guntharp said.

"The only thing we know is somebody entered their information in and somehow got that [virus] into the system," Guntharp said. "We are working right now on trying to determine what the extent of the breach was."

Although the virus is reportedly software designed to gather information from the system, it could have been unintentionally inserted by a job seeker who unknowingly used an infected computer, said Shucheng Yu, interim chairman of the department of computer science at the University of Arkansas at Little Rock.

If it is determined that information leaked from the database, Workforce Services will notify everyone who has used the system -- which dates to 2001 -- by email and a typed letter, Guntharp said. No notification will be issued if it's determined that no information was stolen, he said.

[EMAIL UPDATES: Get free breaking news alerts, daily newsletters with top headlines delivered to your inbox]

Users submit names, addresses, dates of birth, Social Security numbers and other information when using the free service, Guntharp said. Although accounts are deactivated after 90 days of no use, personal information is stored indefinitely, he said.

The Arkansas Democrat-Gazette learned of the breach through an anonymous tip submitted by email early Thursday afternoon.

The contractor informed Workforce Services that similar databases in other states may have been breached as well, Guntharp said.

America's Job Link Alliance has similar contracts with nine other states, including neighboring Oklahoma, according to its website. Voice mails left at the contractor's main office and with a cellphone number for its director, Christine Bohannon, were not returned.

The contractor notified Workforce Services that it had detected issues earlier in the week via an email sent shortly before 1 p.m. Wednesday. The email, obtained by the Democrat-Gazette and signed by Bohannon, says the contractor is working with a third party and will produce a full incident report.

Bohannon wrote in the email that errors were detected in at least three state systems. After reviewing database logs, the contractor determined that someone was attempting to access "demographics pages" midday Tuesday, Bohannon wrote.

"Tuesday afternoon we isolated the root cause and implemented a fix," Bohannon wrote.

Arkansas JobLink connects job seekers with prospective employers. Employers may search for workers and view their resumes but do not submit personal information in order to use the system, Guntharp said.

One of the frequently asked questions listed on an Arkansas JobLink Web page inquires about why Social Security numbers are required to sign up.

"In order to receive federal dollars and keep this service free, we are required to ask for your social security number," it says in response. "It is not made available to employers or the public. To avoid identity theft, state-of-the-art software has been installed to prevent hacking into the system."

Metro on 03/17/2017