Hackers had access to millions of social security numbers

22 Jul 2017

Hackers who breached a Kansas Department of Commerce data system in March had access to over 5.5 million Social Security numbers in 10 states, along with another 805,000 accounts that did not include the Social Security numbers, according to records obtained from the agency.

The department would be required to pay for credit monitoring for most of the victims of the hacking, reveal records obtained through an open records request by the Kansas News Service.

Besides Kansas, other states affected by the hack were Arkansas, Arizona, Delaware, Idaho, Maine, Oklahoma, Vermont, Alabama and Illinois.

The suspicious activity came to light on 12 March according to America's Job Link Alliance-TS, the commerce department division that operated the system. After its isolation on 14 March, the FBI was contacted the next day, according to testimony from agency officials to the Legislature this spring.

The Kansas News Service filed its open records request 24 May.

The data was from websites that helped people find jobs, such as Kansasworks.com, where people could post resumes and search job openings. When the hackers struck, Kansas was managing data for 16 states but not all the states were affected.

After the hack, a third party IT company was called to handle and fix the situation and identify the victims.

The commerce department also contracted with three other private companies to help the victims and to contribute to IT support, while it also provided legal services.

One such company, a law firm, is being paid $175,000 by the state. The state will also pay $60,000 to an IT support company. The payment to the third contracted party was not reported by the department.