A data breach for the Illinois’ new system to process unemployment claims for contractors and gig workers exposed personal information for potentially thousands of people, but state officials said the error was fixed within an hour of learning of the issue. The Illinois Department of Employment Security confirmed one person who has filed claim for benefits through the Pandemic Unemployment Assistance program was able to access personal information for “a limited number of claimants” on Friday. Illinois State Rep. Terri Bryant (R-Murphysboro) said a constituent in her district made her aware of the data breach, after inadvertently accessing a spreadsheet with names and personal information for thousands of unemployment applicants. IDES said the problem was fixed within an hour of being notified.
SPRINGFIELD – The Illinois Department of Employment Security has confirmed that a new online portal that processes claims for federal Pandemic Unemployment Assistance briefly allowed public access to applicants’ personal information including Social… https://t.co/HC0Z9qsOrP
— Effingham Daily News (@EDNMain) May 18, 2020
All indications are that this was an accidental software issue, but such incidents can be the cause of massive breaches of trust as well as data. Given the critical need for data security for businesses and people in stressed economic times, organizations establishing new services should really take a look at more modern, snap-in data tokenization technology to modernize their approach to data collection.
When storing critically sensitive data, security and privacy must always be at the front of the discussion. While the issue in this particular breach was reportedly rectified in an hour, that is still long enough for dangerous criminals to steal troves of valuable personal information and leverage it for their own monetary gain – either by selling it on the dark web or conducting identity fraud.
No matter what the reason is behind this particular data exposure, this incident surely points out that any kind of data could be at risk and at any given time. Therefore, more must be done to consider data protection and privacy at the earliest point of entry into databases, files, and other stored areas, as to minimise exposures of all sizes