The Illinois Department of Employment Security (IDES) has acknowledged a security lapse that exposed the private information of independent contractors and the self-employed.
IDES blamed the security incident on a "glitch" in a new system rolled out to process the claims of citizens in the state of Illinois who need to file for unemployment benefits.
Names, Social Security numbers, and other data points -- including phone numbers and addresses -- related to unemployment claims were leaked through the scheme's website, which has been set up to give gig workers access to funds if they have lost their jobs due to the COVID-19 pandemic.
As reported by WBEZ, the new system -- known as Pandemic Unemployment Assistance (PUA) -- launched last week to cater to those who would otherwise not necessarily be covered by unemployment benefits in the state. Over 44,000 applicants opened a claim within the first 24 hours.
IDES' data leak was uncovered by a business owner who applied for benefits and realized she was able to view information belonging to others. According to the publication, "thousands and thousands" of records were available.
A spokesperson for Governor JB Pritzker's office acknowledged the problem, saying on Sunday that the IDES was "aware there was a glitch in the new PUA system that made some private information publicly available for a short time and worked to immediately remedy the situation."
The security hole was plugged within an hour. However, it is not known how many applicants may have been impacted.
The agency has also not revealed what caused the data leak in the first place but says that an investigation has been launched into the matter. Deloitte is working with IDES in a cyberforensics capacity and to improve the portal's security.
In Arkansas, access to the system was temporarily closed down due to the reported leak, with teams working over the weekend to try and process claims and push benefits "out the door."
Previous and related coverage
- COVID-19 blamed for 238% surge in cyberattacks against banks
- Cybersecurity 101: Protect your privacy from hackers, spies, and the government
- This new, unusual Trojan promises victims COVID-19 tax relief
Have a tip? Get in touch securely via WhatsApp | Signal at +447713 025 499, or over at Keybase: charlie0