* Saturday evening press release…
Statement from 115th District State Representative Terri Bryant on a possible massive data breach involving the private information of thousands of Illinois unemployment applicants.
“On Friday, May 15, 2020, a concerned constituent made me aware of a potential data breach at the Illinois Department of Employment Security.
Through a series of just two clicks, this constituent stumbled upon the personal information of thousands of unemployment applicants on the IDES website. This came up in a spreadsheet with thousands of names containing sensitive information. The information she was able to access included the name, address, social security number, and unemployment claimant ID number of thousands of people.
My constituent was visibly shaken, and worried, and shared her discovery with me. My office immediately brought this to the attention of IDES officials and the Governor’s office. We have since demanded answers multiple times. I sent the Governor and the director of the IDES a letter earlier today demanding answers. As of now, the only official response I have received from the Governor’s office has been an email reply to my letter that said, “Thank you Representative. We are aware and fixing the problem.”
The people of Illinois deserve better!
Hundreds of thousands of Illinoisans are stressed and struggling! It is imperative that Governor Pritzker and his administration answer my questions immediately.
Here are the questions I asked:
1. Is IDES aware of any potential data breach involving the personal information of thousands of Illinoisans that have applied for unemployment?
2. Is Governor Pritzker or his staff aware of any potential breach involving the personal information of thousands of Illinoisans that have applied for unemployment?
3. How long was the personal information of unemployment applicants available for other applicants to see?
4. Has the problem been resolved? Is there any possibility that thousands of Illinoisans that have applied for unemployment assistance through the IDES website have had their identity compromised?
* From Jordan Abudayyeh…
IDES is aware there was a glitch in the new PUA system that made some private information publicly available for a short time and worked to immediately remedy the situation. A full investigation is under way to assess exactly what happened and how many people were impacted. Those who were impacted will be notified.
* IDES…
The Illinois Department of Employment Security (IDES) has confirmed a limited data access issue within the new Pandemic Unemployment Assistance (PUA) system. An analysis found that one PUA claimant was able to inadvertently access personal identifying information of a limited number of claimants. That claimant notified the Department of the issue and within an hour, it was corrected to prevent any future unauthorized access.
IDES has contracted with Deloitte to create and maintain the web-based PUA portal, which went live on Monday, May 11, and is working in partnership with the vendor to run a full-scale investigation into the matter while conducting additional testing to prevent any potential future occurrences. IDES will release results of the analysis once completed and notify anyone affected. IDES will also explore further remediation on the part of Deloitte upon completion of the investigation.
The Department encourages claimants to continue filing for unemployment benefits through the PUA portal if they are still in need or have not yet done so already. Though the system is only one week old, more than 50,000 claims have been processed through the PUA system. PUA provides 100% federally-funded unemployment benefits for individuals who are unemployed for specified COVID-19-related reasons and are not eligible for the state’s regular unemployment insurance program, the extended benefit (EB) program under Illinois law, or the Pandemic Emergency Unemployment Compensation program (PEUC), including independent contractors and sole-proprietors. Up to 39 weeks’ worth of benefits are potentially available under the program for COVID-19-related unemployment claims.
- Fighter of Foo - Monday, May 18, 20 @ 9:22 am:
Yikes. There is a special place in H E double Hockey sticks for hackers that mess with peoples lives.
- Former Local Prosecutor - Monday, May 18, 20 @ 9:23 am:
This is a debacle and heaven forbid anyone suffers identity theft due to the gross incompetence of IDES.
Governors own.
- Oswego Willy - Monday, May 18, 20 @ 9:34 am:
=== Governors own.===
Please wear a protective mask if you’re gonna mouth breathe like that.
The governor owns this debacle. Its been weeks and weeks and yet we find ourselves with serious IDES issues, some seemingly still not resolved from the beginning.
If your concern is “governors own” when the national unemployment is 20% or 1 in 5… your lack of concern for those needing, desperately, the unemployment benefit… congratulations, your pettiness is seen. Good on you.
This needs to be resolved. The continued struggle here is unacceptable these many weeks.
- Anon E Moose - Monday, May 18, 20 @ 9:42 am:
And you still can’t get someone on the phone. The website and chat function are so limited that you have to call to fix most things. The State said there was an option to have IDES call you back but I haven’t seen this anywhere.
- {Sigh} - Monday, May 18, 20 @ 9:45 am:
=The people of Illinois deserve better!=
Did Rep. Bryant show the same outrage when there was a breach under the Rauner administration?
“Rauner says employment agency security breach affects 1.4 million residents” https://www.chicagotribune.com/politics/ct-rauner-state-security-hack-20170324-story.html
- Marcus - Monday, May 18, 20 @ 9:49 am:
It doesn’t surprise me that there was a major issue with IDES. Anyone who has worked at the state and worked with Medicaid, Snap, Child Care and now IDES will tell you the problems and issues this company causes. Do a google search of Deloitte and other states that have contracted with this company,and you will realize why there was an issue with IDES.
- Precinct Captain - Monday, May 18, 20 @ 10:12 am:
This is a different problem, but still:
Feds Suspect Vast Fraud Network Is Targeting U.S. Unemployment Systems
Investigators see evidence of a sophisticated international attack they said could siphon hundreds of millions of dollars that were intended for the unemployed.
https://www.nytimes.com/2020/05/16/us/coronavirus-unemployment-fraud-secret-service-washington.html
- Bruce (no not him) - Monday, May 18, 20 @ 10:23 am:
“Limited data access issue” unless it’s your info. Then it’s a BIG issue. Unfortunately, not a surprise. Trying to put this program together in an emergency basis, is a recipe for disaster.
- Seeking context - Monday, May 18, 20 @ 10:29 am:
How much culpability does the third-party vendor who helped make these systems have in this matter?
- PUA Applicant - Monday, May 18, 20 @ 11:41 am:
I applied for PUA since I am a ride share driver. I retired a few years ago but had to start making some extra income since I only get a pension of $1100 per month. IDES denied my claim so PUA was the only other option and now I may get denied again because of the small pension AND now I may have had my identity compromised as well. This has not been a very good year!
- LTSW - Monday, May 18, 20 @ 1:16 pm:
“…contracted with Deloitte…” that explains it all right there.
- Not Surprised - Monday, May 18, 20 @ 1:56 pm:
Deloitte was in involved ….when will a closer look be given to the contracts they have been awarded.
- Mama - Monday, May 18, 20 @ 2:32 pm:
Hope they find out soon who hacked one of the state of Illinois’s computer systems. Did Russia hack another one of our computer systems again? After all it is election time again.
The IT group have been working on fixing the problem - - what more can one do? Geez.
- Anonymous - Monday, May 18, 20 @ 2:40 pm:
COULD HAVE USED DEPT OF LABOR SOFTWARE WEEKS AGO WENT WITH CRONIES OF DEM PARTY DELOITTE
- Anonymous - Monday, May 18, 20 @ 7:02 pm:
Not sure why DOIT is so much enamored of Deloitte. Only other agency that has this same fatal attraction with an IT consulting firm is Tollway with SDI. Are there any others?
- Thinking - Tuesday, May 19, 20 @ 7:13 am:
Anonymous @7:02-This wasn’t DoIT for once-this is IDES who went with Deloitte.