Friday, April 7, 2017
ADWS REFUSES TO DIRECTLY NOTIFY CLIENTS ABOUT BREACH
Instead of directly notifying individuals that had their personally identifiable information obtained by yet unknown hackers, the Department of Workforce Services sent a notice to the Arkansas Democrat- Gazette.
We previously posted about the data breach in this post in March.
This is unbelievable in that not very many individuals actually read the paper and not all of the individuals that are involved reside in Arkansas anymore and would be likely to read an article buried in printed media.
While Arkansas law gives that as one of the two options available to ADWS, they chose the method that will reach the fewest number of individuals.
Even their placing a notice and link on their webpage is window dressing as not many people access that page. Especially those that used the Joblink service years ago. http://dws.arkansas.gov/JobSeekers/PDF/NOTICE%20final%20Dem-Gaz.pdf
The vendor that operates the service under a contract with ADWS did sent out notices, but ADWS had a responsibility to contact each individual by sending a letter as the email address used by the individual may no longer be active or in use.
Shame on ADWS for failing to do the right thing and protect Arkansas citizens when their data security measures failed and they didn't purge their system of personally identifiable information after a fixed period of time.