Compliance Management, Network Security, Privacy

Colorado, Florida & Ohio become latest states to disclose PUA program data leaks

Colorado, Ohio and Florida have become the latest states to disclose the accidental exposure of information belonging to citizens who applied to the federal Pandemic Unemployment Assistance program as a means of seeking some financial security during the ongoing COVID-19 crisis.

In all cases, the states said a very limited number of people inadvertently gained access to others' information.

The Ohio Department of Jobs and Family Services on Wednesday reportedly [1, 2, 3] acknowledged a "data issue" that exposed names, Social Security numbers and street addresses to roughly two dozen individuals. The problem was discovered by Deloitte Consulting, which has been assisting the ODJFS in the administration of the PUA program.

And the Colorado Department of Labor and Employment reportedly [1, 2] said that on May 16, it learned that six people were accidentally granted "intermittent access to 'admin' screens." As a result, the state's PUA claimants are now eligible for a year of free credit monitoring.

Deloitte, which reportedly has been partnering with Colorado as well, fixed the issue within an hour of it being identified, the department said.

And on Thursday, May 21, the Florida Department of Economic Opportunity reportedly [1, 2] disclosed a data incident that affected 98 individuals. "This issue was addressed within one hour after we became aware of the incident," the statement reads. The department said although it has not received any reports of malicious activity, "we are making available identity protection services at no charge to affected individuals, and we have also advised them to report any unauthorized activity on their financial accounts."

Arkansas and Illinois have already experienced similar data leaks through their PUA web-based services. Experts told SC Media earlier this week that such mistakes are likely the results of states hastily propping of websites, portals and services to manage a heavy influx of PUA requests. Illinois reportedly also used Deloitte as a partner to set up online PUA capabilities -- a common thread between the Illinois, Ohio and Colorado disclosures.

Bradley Barth

As director of multimedia content strategy at CyberRisk Alliance, Bradley Barth develops content for online conferences, webcasts, podcasts video/multimedia projects — often serving as moderator or host. For nearly six years, he wrote and reported for SC Media as deputy editor and, before that, senior reporter. He was previously a program executive with the tech-focused PR firm Voxus. Past journalistic experience includes stints as business editor at Executive Technology, a staff writer at New York Sportscene and a freelance journalist covering travel and entertainment. In his spare time, Bradley also writes screenplays.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.