Data Breaches Impact Unemployment Benefit Applicants In Four States

Breaches Impact Unemployment Benefit Applicants

Unemployed workers in at least four states who are coping with layoffs from the impact of the coronavirus now have another worry, NBC News reported.

Arkansas, Colorado, Illinois and Ohio have warned tens of thousands of residents who have applied online for unemployment benefits due to COVID-19 of possible data breaches that could have exposed names, addresses and Social Security numbers.

NBC reports that these states and possibly others are warning unemployment applicants that “their personal information may have been leaked.” 

According to the report, the first incident in Arkansas may have occurred on May 5, when the state launched its online Pandemic Unemployment Assistance (PUA) program. Protech Solutions Inc., a Little Rock, Arkansas software company, developed the jobless benefits system for $3 million.

Alisha Curtis, a spokesperson for the Arkansas Commerce Department, said they were forced to close the website and contract 33,000 applicants who were exposed to a data security incident.

The Arkansas Times reported that a programmer trying to file for unemployment noticed a vulnerability that exposed the Social Security numbers and banking information of applicants. Arkansas’ PUA was shuttered on May 15 and was reopened on Wednesday (May 20), the newspaper reported.

Deloitte LLP, the global consulting accounting firm that had $42 billion in revenues last year, was hired by Colorado, Illinois and Ohio to develop their PUA programs.

Neither Protech nor Deloitte responded to NBC’s request for comment, but the states said Deloitte told them about the data leak as soon as it was discovered and said the error was fixed within an hour.

“It isn’t necessarily that unemployment systems are particularly vulnerable to data breaches,” Tarah Wheeler, a cybersecurity policy fellow at New America, a think tank based in Washington, told NBC. “It’s that almost every kind of governmental data system, which is locally implemented on a shoestring budget, begun by a contractor who bid the lowest and abandoned by the former and following administrations, is likely to be just as bad.”