Deloitte State Unemployment Portals Data Breach Class Action

As part of the federal government’s Pandemic Unemployment Assistance (PUA) program, rules for unemployment payments have temporarily changed. Deloitte Consulting, LLP contracted with a number of states to set up portals to administer the program. Unemployed individuals may use these portals to apply for unemployment payments and communicate with the officials for their state. Unfortunately, the portals exposed these individuals’ data.

Deloitte contracted to provide these services with a number of state agencies—the Ohio Department of Job and Family Services (ODJFS), the Illinois Department of Employment Security (IDES), the Colorado Department of Labor and Employment (CDLE), and the Arkansas Division of Workforce Services (ADWS).

Naturally, Deloitte’s systems would have to collect and store personally identifying information (PII). According to the complaint, then Deloitte was aware that it would be handling sensitive information and that it would need to safeguard that information. However, within a short time, the private information of thousands of applicants for unemployment benefits was exposed. The state agencies contacted Deloitte to alert it to the problem.

The complaint alleges, “In May 2020, officials from these state agencies publicly announced that these digital systems Deloitte designed, built and maintained allowed public access to unemployment applicants’ PII, including but not limited to their name, social security number, and street address associated with your PUA claim, exposing this sensitive private data to unauthorized third parties…”

Correspondence from Deloitte presented the access as “limited” and said, “An analysis found that one PUA claimant was able to inadvertently access personal information of a limited number of other PUA claimants when logged into the system last week. That same claimant reported the issue and within an hour, it was corrected to prevent any future unauthorized access.”

The correspondence said that it was “unlikely” that the personal information stored in the system “was improperly used or is likely to be misused.” Nevertheless, it offered those whose information may have been exposed the option of enrolling in twelve months of free credit monitoring and suggested that those involved should check their yearly credit reports.

The complaint alleges negligence, negligence per se, breach of implied contract, bailment, and unjust enrichment, among other things.

A class and a subclass have been defined for this action.

  • The Nationwide Class is all persons in the US (including its territories and the District of Columbia) whose PII was compromised as a result of the data breach.
  • The Illinois Subclass is all persons in Illinois whose PII was compromised as a result of the data breach.
Article Type: Lawsuit
Topic: Privacy

Most Recent Case Event

Deloitte State Unemployment Portals Data Breach Complaint

June 8, 2020

As part of the federal government’s Pandemic Unemployment Assistance (PUA) program, rules for unemployment payments have temporarily changed. Deloitte Consulting, LLP contracted with a number of states to set up portals to administer the program. Unemployed individuals may use these portals to apply for unemployment payments and communicate with the officials for their state. Unfortunately, the portals exposed these individuals’ data.

Deloitte State Unemployment Portals Data Breach Complaint

Case Event History

Deloitte State Unemployment Portals Data Breach Complaint

June 8, 2020

As part of the federal government’s Pandemic Unemployment Assistance (PUA) program, rules for unemployment payments have temporarily changed. Deloitte Consulting, LLP contracted with a number of states to set up portals to administer the program. Unemployed individuals may use these portals to apply for unemployment payments and communicate with the officials for their state. Unfortunately, the portals exposed these individuals’ data.

Deloitte State Unemployment Portals Data Breach Complaint
Tags: Exposing Private Information, Exposure to cyber crime, Your Privacy