Arkansas, Illinois, Ohio, and Colorado are among the four states who have experienced security issues on their Pandemic Unemployment Assistance (PUA) sites designed to offer unemployment benefits to residents. In three of the affected states, Deloitte was tasked to create the PUA website quickly but didn’t do so with security or privacy in mind.
As a result, the sites were susceptible to attacks but also allowed applicants to see the personal details of others who had applied for unemployment benefits. The exposed data included names, social security numbers, addresses, and communication between the individual and the state’s Employment Security Department.
Officials and security experts warn that this level of detailed exposure could lead to identity theft. Much of the problem stems from the fact that the sites were built extremely quickly and didn’t prioritize security or privacy. Still, this level of exposure seems like it should have been accounted for and it’s unknown whether Deloitte has other clients it’s built PUA sites for with similar issues.
For more details, visit NBC News.