Deloitte Pandemic Unemployment Assistance Portal Data Breach Class Action

Recently, new routes have had to be established to access distribute funds intended for relief from Covid-19 effects. Deloitte Consulting, LLP is helping some state agencies to administer the federal Pandemic Unemployment Assistance program (PUA). However, the complaint alleges that the company’s systems allowed public access to personally identifiable information (PII) entered there, including Social Security numbers.

The class for this action is all persons whose personal information was compromised as a result of the PUA portal data breach.

The PUA is part of the Coronavirus Aid, Relief, and Economic Security (CARES) Act. It extends unemployment protections to members of the workforce who are self-employed, freelancers, independent contractors, and part-time workers. It is intended to help states provide unemployment relief to workers displaced from their jobs by Covid-19.

Deloitte provides employment and labor services to some states. It helps them administer unemployment insurance benefits, by providing claims services, benefits payment control, reporting services, administrative services, and document management.

Among the state agencies Deloitte works with are the Ohio Department of Job and Family Services (ODJFS), the Illinois Department of Employment Security (IDES), and the Colorado Department of Labor and Employment (CDLE). Deloitte’s assistance includes providing these states with online portals through which individuals can apply for unemployment benefits and can communicate with their state agencies.

The complaint says, “Applicants … reasonably expect that when they provide PII to a company, the company will safeguard their PII.” The Federal Trade Commission (FTC) publishes guidelines with basic security standards for businesses for cybersecurity and the protection of PII.

The PUA required a new processing system to handle the new types of claims permitted, the states contracted with Deloitte to ask it to come up with a new cloud-based portal system. The complaint says, “The PUA program went ‘live’ on May 11, 2020.

Just days later, on May 15, the Illinois governor was informed that someone had “stumbled upon” a spreadsheet on the Illinois portal of the system that held the PII of thousands of applicants for unemployment. The information exposed included names, addresses, Social Security numbers, and unemployment claim numbers.

The Illinois agency, IDES, confirmed that it was aware of the “glitch” in the system, claimed it had exposed information “for a short time” and that Deloitte had worked to stop this. The next day, CDLE admitted it had had a “data access problem” but claimed that Deloitte had fixed the problem within an hour.

On May 20, the plaintiffs in this case received notice from ODJFS of the data breach in its systems and the exposure of the PII of persons who’d recently applied for unemployment benefits. The complaint alleges that Deloitte’s “substandard security practices were a direct and proximate cause” of this data breach.

Article Type: Lawsuit
Topic: Privacy

Most Recent Case Event

Deloitte Pandemic Unemployment Assistance Portal Data Breach Complaint

May 21, 2020

Recently, new routes have had to be established to access distribute funds intended for relief from Covid-19 effects. Deloitte Consulting, LLP is helping some state agencies to administer the federal Pandemic Unemployment Assistance program (PUA). However, the complaint alleges that the company’s systems allowed public access to personally identifiable information (PII) entered there, including Social Security numbers.

Deloitte Pandemic Unemployment Assistance Portal Data Breach Complaint

Case Event History

Deloitte Pandemic Unemployment Assistance Portal Data Breach Complaint

May 21, 2020

Recently, new routes have had to be established to access distribute funds intended for relief from Covid-19 effects. Deloitte Consulting, LLP is helping some state agencies to administer the federal Pandemic Unemployment Assistance program (PUA). However, the complaint alleges that the company’s systems allowed public access to personally identifiable information (PII) entered there, including Social Security numbers.

Deloitte Pandemic Unemployment Assistance Portal Data Breach Complaint
Tags: Exposing Private Information, Exposure to cyber crime, Your Privacy