In September, the Illinois government announced it was overhauling its cybersecurity practices in a bid to better defend its residents’ personal data and make its data processing more efficient.
Last week, however, 1.4 million Illinois job seekers had their personal information compromised after one of the state’s employment security vendors, America’s Job Link Alliance, was hacked.
The office of Illinois’s governor, Bruce Rauner, said that the Illinois Department of Employment Security notified the Illinois General Assembly of the hack. State officials say the hacker may have accessed the names, Social Security numbers, and birthdates of job seekers in the vendor’s database.
Illinois’s data breach notification legislation requires state agencies that collect personal information to submit a written report to the General Assembly within five business days of the discovery or notification of a data breach.
Illinois ‘in line’ with the nation
This breach puts into question the claim by Kirk Lonbom, the chief information security officer for Illinois’s Department of Innovation and Technology, that the state was “right in line” with the nation.
He made that claim in response to a survey of state information technology officers released by the National Association of State Chief Information Officers (NASCIO) last year, which sparked the plans to renovate the state’s cybersecurity defenses.
The survey recommended that all states document and formalize a cybersecurity strategy, which it claimed would raise awareness of cybersecurity issues and increase the likelihood of securing additional funding at a time when states across the country face financial challenges.
Lonbom met with the National Governors Association last October to assist in the development of the new cybersecurity strategy.
“We found cybersecurity awareness training was not being handled consistently across state agencies,” he said. “People at their workstations and laptops are really our best line of defense, but they need to be trained and aware of how to defend themselves [from] phishing attacks, etc.”
At the time, Lonbom confirmed a state-wide security awareness training program was underway, which aimed to train 50,000 state employees by the end of the year.
The problem is that America’s Job Link Alliance is a third-party vendor based in Kansas City. It is not directly affiliated with the state government, and – despite the sensitive data that it holds for the them – it is responsible for its own cybersecurity.
Subscribe to the Daily Sentinel for all the latest cybersecurity news and advice.