Expert Commentary: Data Breach In State’s New PUA Unemployment System Exposes Some Claimants’ Personal Info

A data breach for the Illinois’ new system to process unemployment claims for contractors and gig workers exposed personal information for potentially thousands of people, but state officials said the error was fixed within an hour of learning of the issue. The Illinois Department of Employment Security confirmed one person who has filed claim for benefits through the Pandemic Unemployment Assistance program was able to access personal information for “a limited number of claimants” on Friday. Illinois State Rep. Terri Bryant (R-Murphysboro) said a constituent in her district made her aware of the data breach, after inadvertently accessing a spreadsheet with names and personal information for thousands of unemployment applicants. IDES said the problem was fixed within an hour of being notified.

Subscribe
Notify of
guest

1 Expert Comment
Most Voted
Newest Oldest
Inline Feedbacks
View all comments
Mark Bower
Mark Bower , Senior Vice President
InfoSec Expert
May 19, 2020 7:48 am

All indications are that this was an accidental software issue, but such incidents can be the cause of massive breaches of trust as well as data. Given the critical need for data security for businesses and people in stressed economic times, organizations establishing new services should really take a look at more modern, snap-in data tokenization technology to modernize their approach to data collection.

When storing critically sensitive data, security and privacy must always be at the front of the discussion. While the issue in this particular breach was reportedly rectified in an hour, that is still long enough for dangerous criminals to steal troves of valuable personal information and leverage it for their own monetary gain – either by selling it on the dark web or conducting identity fraud.

No matter what the reason is behind this particular data exposure, this incident surely points out that any kind of data could be at risk and at any given time. Therefore, more must be done to consider data protection and privacy at the earliest point of entry into databases, files, and other stored areas, as to minimise exposures of all sizes

Last edited 2 years ago by Mark Bower
Information Security Buzz
1
0
Would love your thoughts, please comment.x
()
x