The Maryland Department of Labor reported Friday that it has begun notifying 78,000 customers about a breach to its database system and some personally identifiable information might have been accessed.
Department officials say that a review has not shown any misuse of the data, which came from the Literacy Works Information System and a legacy unemployment insurance service database, according to the state’s Department of Information Technology, which was tapped to investigate the incident earlier this year.
That department has taken countermeasures to prevent future breaches through Labor’s servers and notified law enforcement. The state has hired an independent expert to investigate how the information was accessed.
Information on the breach comes as Baltimore continues to recover from a ransomware attack that has cost millions of dollars and disrupted billing and services. Other cities and departments have grappled with how to best protect themselves from hackers, including better cyber defenses and even insurance.
Last month, Republican Gov. Larry Hogan issued an executive order on cybersecurity. It called for establishment of the Office of Security Management and the Maryland Cybersecurity Coordinating Council. The offices are charged with strengthening the state’s cybersecurity infrastructure and boosting its ability to respond to a breach.
“Maryland is working to ensure its cybersecurity strategy and policy are in alignment with best practices and the latest federal standards and guidelines,” said John Evans, Maryland’s chief information security officer. “We are working with the Department of Labor to minimize the impact of this breach, and to prevent future misuse of state systems.”
At the Department of Labor, James E. Rzepkowski, acting state labor secretary, said anyone who believes their data might have been affected needs to be vigilant. The state is offering those affected two years of free credit monitoring through an independent service.
The files accessed from the Literacy Works Information System were from 2009, 2010 and 2014 and possibly included names, Social Security numbers, dates of birth, place of residence, graduation data and record numbers. Files from the unemployment insurance database were from 2013 and possibly contained names and Social Security numbers.
“We live in an age of highly sophisticated information security threats,” he said in a statement. “We are committed to doing all we can to protect our customers and their information. We strongly urge those impacted to be vigilant about unusual activity on their accounts, and to take advantage of the credit monitoring being offered by the state.”
Other customers who believe they have been affected can email email@example.com or call 410-767-5899 Monday through Friday from 8 a.m. to 4:30 p.m, or they can visit labor.maryland.gov/datahotline.