Data breach alert: Unemployment applicants at risk for identity theft
May 23, 2020
By Kim Komando
COVID-19 may decimate the health of at-risk patients, but those of us who aren’t getting sick are still feeling the economic sting of the deadly virus. Since March, more than 30 million jobs have been lost in the U.S., leaving many Americans to rely on unemployment benefits to make ends meet.
Fortunately, Congress passed the CARES Act, which expanded unemployment benefits by an additional $600 per week until July. But not everyone has been able to take advantage of these payments thanks to poor and outdated computer infrastructure. Tap or click here to see why unemployment systems are run on 60-year-old machines.
And if that weren’t bad enough, a series of data leaks appear to have affected unemployment systems in at least four different states. If you’re relying on these benefits right now, here’s what you need to know to protect your identity.
Kicking people while they’re down
We already know hackers and cybercriminals have little-to-no scruples as it is, but this is ridiculous! NBC News says unemployed Americans in Arkansas, Colorado, Illinois and Ohio may all be at risk for identity theft thanks to a series of unexpected data breaches.
The first breach, which targeted beneficiaries in Arkansas, was discovered by a programmer who was filing for unemployment benefits of their own. They noticed a vulnerability in the website’s construction that exposed Social Security numbers and banking information of people who had applied.
Since the discovery, the state temporarily took the website down and informed potential victims by email. At least 33,000 applicants were exposed in this breach.
As for the other states, the breaches were far worse. All three states — Colorado, Illinois and Ohio — all relied on the same vendor to create their website: Deloitte, an international consulting company.
Due to a glitch in the website, one applicant was able to see a trove of unprotected personal data — including names, full Social Security numbers, addresses, and “correspondence with the state Employment Security Department.”
Deloitte claims to have fixed the issue once it was brought to attention, and that only around 35 individuals were able to see the full spectrum of data the site hosted across the affected states.
Why is this happening? What can I do?
All of these breaches have one thing in common: Low-budget websites created in a short span of time under emergency pressures. Even during non-emergency periods, state budgets for online infrastructure are woefully small. The time constraint only adds additional risk factors into the mix.
If you haven’t received an email alert from your state regarding a data breach, you’re most likely in the clear for now. Both of these breaches appear to have happened within short windows of time, meaning it’s unlikely that hackers had a chance to take advantage of them.
Unless, of course, someone applying for benefits just happened to be a hacker themselves!
In any case, protecting yourself from the fallout of these breaches is the same process as with any other data leak. First, call a credit reporting agency and consider freezing your credit. Because this breach deals more with personal information like your SSN, this is more critical to do than ever. Tap or click here to see how to freeze your credit.
In addition, signing up for an identity protection service can inform you of fraudulent activity happening in your name. We recommend our sponsor Identity Guard, which includes a robust suite of security features like bank alerts, threat analysis, and Dark Web monitoring for your most valuable logins.
Beyond that, you may also want to change your email password and set up two-factor authentication. Tap or click here to see how to do it.
Even if you haven’t received the email, if you’re a resident of the affected states, you can’t be too careful. If you’re out of work and tight on money, the last thing you want is your bank account drained by a digital psycho.
https://www.komando.com/tips/cybersecurity/identity-thieves-target-unemployment-applicants/