A data breach from a firm that helped states process new unemployment claims at the beginning of the pandemic has affected thousands of people.
Under the CARES Act, the federal government added $600 to unemployment checks that were distributed by states and allowed individual contractors who were not previously eligible for unemployment to file for checks as their businesses closed. Deloitte, an accounting firm, helped Ohio, Illinois, and Colorado set up online portals to allow those states to process unique unemployment filings.
According to Deloitte, a data breach allowed the personal information of thousands to be seen by individuals who were similarly filing. In total, three dozen individuals were able to see the personal information, including social security numbers and addresses, of thousands in the system. Deloitte said the breaches were spotted within an hour. The breach only affected filers in Ohio, Illinois, and Colorado, but the firm did work with other states.
One woman in Illinois called her state representative’s office to notify him after she was able to see a spreadsheet with the personal information of every individual who had filed. Republican state Rep. Terri Bryant said the woman was “visibly shaken” when she reported the breach. Bryant notified the press about the breach nearly 32 hours after telling Illinois Gov. J.B. Pritzker. Byrant expressed frustration at Pritzker’s decision to wait to notify individuals about the breach.
Deloitte notified every individual who may have been compromised by the breach via email. The notice read: “Deloitte discovered on May 15, 2020 that your name, Social Security number, and street address pertaining to your application for and receipt of unemployment compensation benefits inadvertently had the capability to be viewed by other unemployment claimants.”
The firm said there was “no evidence” that the information was used by those who could see the data. Deloitte’s notice left many concerned about their credit.
“The anxiety and uncertainty of being laid off for two months was alleviated for one day. Now, I have to worry about someone possibly stealing my identity and wreaking havoc on my credit. It feels like unemployed Ohioans really can’t catch a break,” Emily West, a 23-year-old waitress, told ABC News.
Deloitte apologize for the breach and noted that it would provide one year of free credit monitoring to those who were included in the breach.
“We are deeply committed to protecting the personal information of our clients and the people they serve. The systems were not breached. A unique circumstance enabled about three dozen Pandemic Unemployment Assistance claimants across three states to inadvertently access a restricted page when logged into their state’s PUA website,” Deloitte said.
“Within an hour of learning of this issue, we identified the cause and stopped the unauthorized access to prevent additional occurrences. Out of an abundance of caution, we are offering 12 months of free credit monitoring to those [Pandemic Unemployment Assistance] claimants potentially impacted,” it added.
Many individuals have struggled to file for unemployment as the state-run systems were rocked by an unprecedented volume of new claims. Nearly 39 million people have filed jobless claims since the pandemic began.
