DWS DISCOVERS VIRUS IN SYSTEM AND FAILS TO FOLLOW LAW TO PROVIDE REQUIRED NOTIFICATIONS

ADWS SPOKESMAN STEVE GUNTHARP RULES OUT HACKING AND PLACES BLAME ON AN ADWS CLIENT FOR PUTTING VIRUS IN ARKANSAS JOBLINK SYSTEM

  

The Arkansas Democrat-Gazette published a story last week that revealed that the Arkansas Department of Workforce Services discovered a virus in a database contains personally identifiable information of an estimated 19,000 Arkansas citizens that were seeking employment.

ADWS spokesmans Steve Guntharp stated that it was not immediately clear if the virus had extracted personal information before it was detected.

Gunthrap blamed a user for placing the virus in the Arkansas JobLink system. 

"The only thing we know is somebody entered their information in and somehow got that [virus] into the system," Guntharp said. "We are working right now on trying to determine what the extent of the breach was."

The breach was discovered by a contractor that maintains the database for ADWS.

Ark. Code. Ann. § 4-110-105 requires ADWS to notify any resident of Arkansas whose unencrypted personal information was or is reasonably believed to have been acquired by an unauthorized individual by a breach of their system.

Guntharp stated that the information dates back to 2001, but not to worry because accounts are deactivated after 90 days. 

But the information remains in that system indefinitely Guntharp reluctantly admitted.

A reasonable person would question why the heck ADWS would maintain personally identifiable information about individuals, individuals that cannot access or remove the information after 90 days, on such unsecured servers.

The personally identifiable information that could have or was obtained by hackers and criminals can be used in a variety ways.

In fact the same day that the  Arkansas Democrat-Gazette ran a story about the ADWS breach, they also ran a story about lady in Arkansas that admitted to 

defrauding the government out of $262,691 in SNAP benefits from multiple states,  by using other individuals Social Security numbers, etc. (like the information in the Arkansas Joblink database that was breached) to make on-line applications for benefits.

Such information could also be used to open accounts, obtain credit cards, and many other things.

If you used the Arkansas Joblink system anytime since 2001, call Guntharp at 501-837-8700, and ask him why his agency kept your information and if they are going to provide credit monitoring services.