This blog will be updated as more information becomes available
Reports of accidental exposures and data leaks from five different states’ unemployment websites have some consumers concerned. Illinois, Arkansas, Colorado, Ohio and, most recently, Florida have all suffered recent unemployment department data exposures due to their quick response in setting up convenient, DIY websites for those seeking unemployment benefits due to closures from the coronavirus.
Pandemic Unemployment Assistance, or PUA, offers federal assistance to those who are affected by the quarantine. The PUA can be especially helpful as self-employed people, independent contractors and other “gig economy” workers can receive assistance during this time.
In an effort to expedite the submission and processing of these applications, many states have relied on outside vendors to establish their PUA application web portals. Unfortunately, in the rush to help consumers, some of those websites launched before they could be thoroughly quality tested and reviewed for security. The multiple unemployment department data exposures left tens of thousands of users’ complete identities exposed, leading to even more cause for concern.
In each of the five states, the PUA application sites were taken down until they could be secured. Two states, Colorado and Ohio, were notified by Deloitte, their vendor, as to the exposure. One state is already offering credit monitoring to all 72,000 of its PUA recipients, while the others are still investigating and could offer support as their findings unfold.
Also, due to the difficulties surrounding quarantine and employment at this time, the Identity Theft Resource Center has seen cases where workers received notifications that their unemployment application was approved, even though they had not applied for assistance or were still working. However, there is no known link between those cases and the current issues with the Pandemic Unemployment Assistance sites.
All consumers should remain aware of the threat, regardless of their current employment status. If anyone suspects that their personally identifiable information has been exposed or compromised, they are encouraged to place a freeze on their credit reports with the three major credit reporting agencies. They are also encouraged to use anti-virus solutions to secure their devices and protect their online accounts, update their old passwords to a stronger passphrase and make sure none of those passphrases on their personal accounts are also used on their work accounts.
Anyone who has questions or believes they have been affected by an unemployment department data exposure is urged to live-chat with an Identity Theft Resource Center expert advisor. Victims can also call the ITRC toll-free at 888.400.5530. Another tool for victims of a data breach or data exposure is the ID Theft Help App. The app can serve as a “breach activity” case manager for those impacted.
You might also like…