Cyber Incident Victim: Maryland Department of Labor

On July 5, 2019, the Maryland Department of Labor (DoL) disclosed a data breach impacting approximately 78,000 individuals. Unauthorized access occurred to two systems: the Literacy Works Information System (LWIS) and a legacy unemployment insurance service database. The LWIS files involved were from 2009, 2010, and 2014, potentially exposing first names, last names, social security numbers, dates of birth, city or county of residence, graduation dates, and record numbers. The unemployment insurance database files dated to 2013 and contained first names, last names, and social security numbers. Maryland’s Department of Information Technology (DoIT) launched an investigation but found no evidence that personally identifiable information was downloaded or extracted from the servers. The department initiated internal security breach protocols, implemented countermeasures, and engaged an independent security expert alongside law enforcement agencies.

Affected individuals were notified of the incident and offered two years of free credit monitoring through Experian’s IdentityWorks. Enrollment instructions were distributed via mail, with a dedicated hotline (410-767-5899) and email address ([email protected]) available for inquiries during business hours. Acting Labor Secretary James E. Rzepkowski publicly acknowledged the sophistication of modern cybersecurity threats and emphasized the department’s commitment to safeguarding customer data. While no misuse of the exposed information was confirmed, the DoL advised impacted individuals to monitor their accounts for unusual activity. The breach’s scope was confined to historical records, with no indication of ongoing system compromise or data exfiltration beyond initial unauthorized access. Remediation efforts focused on securing affected systems and providing compensatory protections to those at potential risk.