A Bear's Face on Mars Blake Lively's New Role Recognizing a Stroke Data Privacy Day Easy Chocolate Cake Recipe Peacock Discount Dead Space Remake Mental Health Exercises
Want CNET to notify you of price drops and the latest stories?
No, thank you

Personal data used in COVID-19 unemployment claims exposed in breach

Deloitte's system enabled access to applicants' data.

Thousands of Social Security numbers were reportedly exposed.
Angela Lang/CNET
For the most up-to-date news and information about the coronavirus pandemic, visit the WHO and CDC websites.

The personal data of people seeking coronavirus-related unemployment benefits was exposed over the weekend, the Ohio Department of Job and Family Services (ODJFS) confirmed Wednesday. Deloitte, which administers the program, notified ODJFS that about a dozen people were able to view other claimants' data in that state. The data reportedly included thousands of Social Security numbers and home addresses.

Deloitte fixed the issue within an hour, ODJFS said, with the department contacting those who were accidentally given access to others' data.

In a response Friday, Deloitte said "a unique circumstance" allowed three dozen unemployment claimants across Colorado, Illinois and Ohio to see the details of others.

"We are deeply committed to protecting the personal information of our clients and the people they serve," a Deloitte spokesperson added. "The systems were not hacked or externally breached."

"Although there is no evidence of any widespread data compromise, Deloitte is offering credit monitoring to all [Pandemic Unemployment Assistance] claimants for 12 months," ODJFS said.

On Thursday, Ohio residents filed lawsuits against Deloitte for its handling of their data, alleging negligence and poor security practices led to the exposure. The suits, filed in federal court in Manhattan and state court in Ohio, were reported earlier by Bloomberg.

Those seeking unemployment benefits in Colorado were also affected, the state's Department of Labor and Employment confirmed Friday. "On Saturday, May 16th, we were notified of a limited and intermittent data access issue where a handful of individuals within the new Colorado Pandemic Unemployment Assistance application were inadvertently able to view other claimants' correspondence," the department said in an emailed statement. "Deloitte worked swiftly once the unauthorized access was identified and fixed the issue within one hour."

The exposure is the latest headache for unemployment applicants during the coronavirus pandemic. Others who've applied have found that they're victims of identity theft, and that someone else has already claimed benefits in their name, according to complaints to the FTC. On Saturday, cybersecurity writer Brian Krebs reported that the US Secret Service had issued a warning about a Nigerian crime ring using stolen Social Security numbers to apply for unemployment benefits.

The Illinois Department of Employment Security didn't immediately respond to a request for comment.