NASHVILLE, Tn. (WTVF) — A warning if you've ever used the state of Tennessee's website Jobs4TN.gov looking for work.
Your personal information may have been compromised. Someone managed to access thousands of resumes that job seekers had posted in the state's system.
So far, the state of Tennessee has yet to contact any of these people and warn them about what could happen with their information.
But, one victim told NewsChannel 5 Investigates, this breach has turned her life turned upside down.
"Yeah, it's pretty, pretty scary," Bethany Stollar exclaimed.
She's a college history professor and with classes out for the summer, she went looking for a job through the Tennessee Labor and Workforce Development Department and submitted her resume through the state's website Jobs4TN.gov.
And that's who she thought sent her a text in early July about a data entry/customer service position. The text even mentioned the state's website.
"I thought it was a legitimate job," Stollar explained.
But instead of being a real job, Stollar now fears it was all a ploy to steal her personal and financial information and even perhaps her identity.
The job supposedly was with the Chicago-based pharmaceutical company Abbvie.
Stollar went through a lengthy online interview where the interviewer went on and on about Abbvie.
And soon after, Stollar got an official job offer, that again, appeared to come from the company.
"And they're like, 'Congratulations. You seem like a perfect fit. You're gonna have a great time. We're a great company,'" Stollar recalled.
And once she accepted the job, someone claiming to be from Abbvie's HR department asked Stollar to send her banking information for direct deposit, along with pictures of her driver's license, social security card and even a full scan of her face.
"These people have all my, like, all my information, all my information that we are told since we're children, not give out to strangers. And I did, because I thought it was a legitimate job offer," Stollar shared.
But after she noticed the language in some of the correspondence to be a little off, she reached out to Abbvie, the real one, and discovered she'd been scammed.
Stollar asked their HR department, "Hey, do I have a job there? And she said, 'No, absolutely not.'"
Chris Cannon, spokesman for the Tennessee Labor Department, confirmed that someone used the state's database to target Tennesseans looking for jobs, remarking, " And, it seems to be a very elaborate scheme."
"And so who did this?" NewsChannel 5 Investigates then asked Cannon.
"That's the big question," he replied.
Whoever it was created an account, claiming to be a Nashville business, to get access to hundreds of thousands of resumes of potential employees. Then, once they were in, they pretended to be with Abbvie.
"They went in and just used false information, fraudulent information, to create an account. So it's not as if they circumvented the system to get in and hack into the system. They just went through the front door because the front door is open. Now we've got to make sure we have better security at that front door," Cannon explained.
Cannon said it appears that after the scammers lassoed Stollar in, they lay low for a couple of weeks and then, at the end of July, they accessed the resumes of another 2100 Tennessee job seekers, which triggered the system's security to flag the account and immediately block it.
Cannon said that before companies get access to resumes, they first are carefully vetted. So what happened with this one?
"This one just slipped through and it's just, you know, we have to go back and take a look at exactly what happened. But this is something that doesn't happen all the time and it did with this company," Cannon said.
Stollar's still not sure how this all will affect her down the road. But for now, she's had to freeze her bank and credit card accounts and closely monitor her credit history.
And she fears that because of this breach, others may also have to do the same thing.
"I think the state of Tennessee dropped the ball on that," she said.
The Labor Department said they have no idea whether the scammers tried to contact any of the other 2100 people whose resumes were compromised. The state said they have not heard from anyone other than Bethany Stollar. But this is probably the first any of those folks have heard about this breach.
Even though the scammers got into those 2100 resumes more than three weeks ago, the state confirms that it has still not reached out to any of these people to warn them that their information was accessed. The state said they're still trying to figure out how to contact these people and what to say.