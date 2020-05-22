Infosecurity Group Websites
Latest
News

Data Breach Afflicts Ohio’s Unemployment Office

A data breach at the Ohio Department of Job and Family Services (ODJFS) has exposed the personal data of Pandemic Unemployment Assistance (PUA) claimants. 

Personal information including names, Social Security numbers, home addresses, and claim receipts was exposed to other claimants due to a security vulnerability detected by Deloitte Consulting on May 15. Deloitte is the technology vendor for PUA systems in several states, including Ohio. 

“A unique circumstance enabled about two dozen Pandemic Unemployment Assistance claimants to inadvertently access a restricted page when logged into the state’s PUA website,” Deloitte said in the statement.

In a breach notification email sent to PUA claimants on May 20, ODJFS said the breach was fixed within one hour of discovery. 

The department stated: “Over the weekend, Deloitte notified ODJFS that about two dozen individuals inadvertently had the capability to view other PUA claimants’ correspondence.” 

According to the department there is no evidence to suggest that any "widespread data compromise" had occurred. 

More than 161,000 Ohioans have applied for unemployment assistance offered in the wake of COVID-19. ODJFS has not revealed how many of these claimants were affected by the data breach. 

Perhaps tellingly, every single Ohioan who has claimed PUA is being offered free credit monitoring by Deloitte Consulting for 12 months.

“A unique circumstance enabled about two dozen Pandemic Unemployment Assistance claimants to inadvertently access a restricted page when logged into the state’s PUA website,” Deloitte said in the statement. "Within an hour of learning of this issue, we identified the cause and stopped the unauthorized access to prevent additional occurrences.

Frustrated claimants, some of whom are still waiting to receive financial assistance under the PUA program, reported the breach on social media. 

ODJFS said action had been taken to ensure that the data breach was a one-off.

The department stated: “ODJFS holds the confidentiality of claimant data in the highest regard and agreed with the immediate steps Deloitte took to prevent any unauthorized PUA access in the future."

Unemployment claims in Ohio since the start of the coronavirus crisis passed the 1 million mark at the end of April, putting pressure on an archaic system.

Related to This Story

What’s Hot on Infosecurity Magazine?

1
News

CISSP Qualification Given Cert Status Equivalent to Master’s Degree Level

2
News

Microsoft Warns of “Massive” #COVID19 RAT

3
News

REvil Ransomware Gang Threatens to Release Dirt on Trump

4
News

Stanford University Tops List of US Cybersecurity Degree Providers

5
News

29 VPN Services Owned by Six China-Based Organizations

6
News

Winnti Group Targets Video Game Developers with New Backdoor Malware

1
News

Mumbai Police Force Uses 'The Force' for Cyber-Safety Campaign

2
News

North Dakota's Contact Tracing App Sends User Data to Third Parties

3
News

Businesses Could Face Influx of Attacks When Offices Reopen

4
Opinion

Why the Industry Needs to Step Up Action on Malicious Domains

5
News

Data Breach Afflicts Ohio’s Unemployment Office

6
Opinion

Bank Data Integrity and #COVID19: Stop Copying Your Data!

1
Webinar

Safeguarding Your Digital Transformation with Detection and Response

2
Webinar

Protecting your Organization Against Phishing Attacks

3
Webinar

Infosecurity Magazine's Women In Cybersecurity - Virtual Event

4
Webinar

#WFH and Network Security – Lessons Learned So Far

5
Webinar

Building Remote Resilience: A Secure by Design Approach to Remote Working

6
Webinar

Avoiding the Security Pitfalls of Digital Transformation

1
Opinion

We Don’t Need More Cybersecurity, We Need Better Cybersecurity

2
Blog

Why Data Centers Need Formal Data End-of-Life Processes

3
Interview

Interview: Debra Danielson, CTO and SVP of Engineering, Digital Guardian

4
News Feature

Meeting the Author of the #LoveBug - ‘Crime Dot Com’ Preview

5
Next-Gen

Interview: David Shrier, Oxford Cyber Future

6
Webinar

Why Remediation Needs to be Part of Your Vulnerability Management Program