Esto también se puede leer en español.

Leer en español

Don't show this again

Sonos Arc review Watch George Floyd's memorial service GTA Online, Red Dead Online outage for George Floyd memorial CES 2021 plans to be physical Snapchat will no longer promote Trump's account Sega Game Gear Micro

Personal data used in COVID-19 unemployment claims exposed in breach

Deloitte's system enabled access to applicants' data.

password-security-laptop-0368

Thousands of Social Security numbers were reportedly exposed.

Angela Lang/CNET
For the most up-to-date news and information about the coronavirus pandemic, visit the WHO website.

The personal data of people seeking coronavirus-related unemployment benefits was exposed over the weekend, the Ohio Department of Job and Family Services (ODJFS) confirmed Wednesday. Deloitte, which administers the program, notified ODJFS that about a dozen people were able to view other claimants' data in that state. The data reportedly included thousands of Social Security numbers and home addresses.

Deloitte fixed the issue within an hour, ODJFS said, with the department contacting those who were accidentally given access to others' data.

In a response Friday, Deloitte said "a unique circumstance" allowed three dozen unemployment claimants across Colorado, Illinois and Ohio to see the details of others.

"We are deeply committed to protecting the personal information of our clients and the people they serve," a Deloitte spokesperson added. "The systems were not hacked or externally breached."

"Although there is no evidence of any widespread data compromise, Deloitte is offering credit monitoring to all [Pandemic Unemployment Assistance] claimants for 12 months," ODJFS said.

On Thursday, Ohio residents filed lawsuits against Deloitte for its handling of their data, alleging negligence and poor security practices led to the exposure. The suits, filed in federal court in Manhattan and state court in Ohio, were reported earlier by Bloomberg.

Those seeking unemployment benefits in Colorado were also affected, the state's Department of Labor and Employment confirmed Friday. "On Saturday, May 16th, we were notified of a limited and intermittent data access issue where a handful of individuals within the new Colorado Pandemic Unemployment Assistance application were inadvertently able to view other claimants' correspondence," the department said in an emailed statement. "Deloitte worked swiftly once the unauthorized access was identified and fixed the issue within one hour."

The exposure is the latest headache for unemployment applicants during the coronavirus pandemic. Others who've applied have found that they're victims of identity theft, and that someone else has already claimed benefits in their name, according to complaints to the FTC. On Saturday, cybersecurity writer Brian Krebs reported that the US Secret Service had issued a warning about a Nigerian crime ring using stolen Social Security numbers to apply for unemployment benefits.

The Illinois Department of Employment Security didn't immediately respond to a request for comment.