Maryland Department of Labor Announces Data Breach
The Maryland Department of Labor has announced that databases containing personally identifiable information (PII) were accessed in a cyber-incident discovered earlier this year.
As part of the data breach, unknown actors were able to access without authorization files stored on the Literacy Works Information System and a legacy unemployment insurance service database, the Department revealed.
An investigation conducted by the Maryland Department of Information Technology (DoIT) has concluded that “some personally identifiable information may have been accessed without authorization.”
The actors accessed LWIS files from 2009, 2010, and 2014, and possibly contained information such as first names, last names, social security numbers, dates of birth, city or county of residence, graduation dates and record numbers.
The files in the affected unemployment insurance service database were from 2013 and possibly contained first names, last names, and social security numbers.
According to the Maryland Department of Labor, the actors don’t appear to have downloaded or misused the information contained in those files.
“To date, this investigation has not produced evidence to confirm that any personally identifiable information was downloaded or extracted from Labor servers,” the Department reveals.
The Department says it is already in the process of contacting the customers who were impacted by the incident. All those who believe they might have been affected are advised to carefully monitor their accounts.
The Maryland DoIT has already implemented countermeasures and notified law enforcement on the incident. An independent expert was retained to investigate how the information was accessed.
“A full review of the department’s protocols and security measures has been completed to prevent future incidents,” the Department of Labor notes.
While the Department of Labor did not provide details on the number of impacted customers, Maryland’s WMAR-2 says 78,000 people may have had their PII stolen in the data breach.