Department of Labor Details Response to Cybersecurity Incident

Thorough Investigation Has Found No Information Misused; 
Affected Customers Offered Free Credit Monitoring

News Release, Maryland Department of Labor

BALTIMORE (July 5, 2019)—The Maryland Department of Labor today began notifying 78,000 customers with details about potential unauthorized activity on two of its database systems. While some personally identifiable information may have been accessed without authorization, a thorough investigation conducted by the Department has not revealed any misuse of the accessed data.

Earlier this year, at the request of the Maryland Department of Labor, the Maryland Department of Information Technology—the agency overseeing all state information technology functions and policies—initiated an investigation and determined that files stored on the Literacy Works Information System and a legacy unemployment insurance service database were subject to possible unauthorized access through the Internet.

Upon notification of the possibility of unauthorized access, Maryland DoIT implemented countermeasures and initiated an investigation. Working with the Department of Labor, Maryland DoIT also notified law enforcement and retained an independent expert to investigate how the information was accessed. A full review of the department’s protocols and security measures has been completed to prevent future incidents. To date, this investigation has not produced evidence to confirm that any personally identifiable information was downloaded or extracted from Labor servers. 

With this investigation now complete, the Department of Labor is contacting the customers who were impacted by the incident and encouraging them to carefully monitor their accounts. Those who have been affected will be offered two years of free credit monitoring through an independent service.

Customers who believe they have been affected by the incident can contact the Department of Labor’s dedicated hotline by emailing dataincident.labor@maryland.gov or calling 410-767-5899. This hotline will be staffed Monday-Friday from 8:00am-4:30pm. For additional information, please visit labor.maryland.gov/datahotline.

Files stored on the Literacy Works Information System (LWIS) and a legacy unemployment insurance service database were subject to the incident. The LWIS files impacted were from 2009, 2010, and 2014. These files possibly contained first names, last names, social security numbers, dates of birth, city or county of residence, graduation dates and record numbers. The files impacted on the unemployment insurance service database were from 2013 and possibly contained first names, last names, and social security numbers.

“We live in an age of highly sophisticated information security threats,” said Acting Labor Secretary James E. Rzepkowski. “We are committed to doing all we can to protect our customers and their information. We strongly urge those impacted to be vigilant about unusual activity on their accounts, and to take advantage of the credit monitoring being offered by the state.”

The increasing volume and enhanced capabilities of malicious actors have highlighted the importance of further securing data. Recognizing this growing threat, Governor Larry Hogan issued an executive order in June, which included hiring a Maryland Chief Information Security Officer and establishing the Office of Security Management and the Maryland Cybersecurity Coordinating Council. The three entities will work together to strengthen the state’s cybersecurity infrastructure while solidifying its ability to manage and minimize the consequences of a cybersecurity incident.

“Maryland is working to ensure its cybersecurity strategy and policy are in alignment with best practices and the latest federal standards and guidelines,” said John Evans, Maryland’s Chief Information Security Officer. “We are working with the Department of Labor to minimize the impact of this breach, and to prevent future misuse of state systems.”

For more information on protecting yourself from identity theft, including information on how to place freezes on your credit accounts, visit the Maryland Attorney General’s Identity Theft Unit at http://www.marylandattorneygeneral.gov/Pages/IdentityTheft/default.aspx.

The Southern Maryland Chronicle is a local, small business entrusted to provide factual, unbiased reporting to the Southern Maryland Community. While we look to local businesses for advertising, we hope to keep that cost as low as possible in order to attract even the smallest of local businesses and help them get out to the public. We must also be able to pay employees(part-time and full-time), along with equipment, and website related things. We never want to make the Chronicle a “pay-wall” style news site.

To that end, we are looking to the community to offer donations. Whether it’s a one-time donation or you set up a reoccurring monthly donation. It is all appreciated. All donations at this time will be going to furthering the Chronicle through hiring individuals that have the same goals of providing fair, and unbiased news to the community. For now, donations will be going to a business PayPal account I have set-up for the Southern Maryland Chronicle, KDC Designs. All business transactions currently occur within this PayPal account. If you have any questions regarding this you can email me at davidhiggins@southernmarylandchronicle.com

Thank you for all of your support and I hope to continue bringing Southern Maryland the best news possible for a very long time. — David M. Higgins II




© 2019 The Southern Maryland Chronicle. All Rights Reserved. This website is not intended for users located within the European Economic Area.