UIA’s computer system potentially exposed info of 1.87M people
February 7, 2017
Article courtesy of MIRS News Service
A vulnerable Unemployment Insurance Agency (UIA) computer system potentially exposed the names and social security numbers of as many as 1.87 million people, the state announced Friday.
The 1.87 million people possibly affected work for employers that process their payroll with the use of a vendor, so the pool of people affected goes beyond just those who collect unemployment benefits from the state.
There are 31 such third-party vendors that work with the UIA in the state, but the names of those firms were not released, with officials citing an ongoing investigation into the breach.
There were an estimated 4,363,600 total payroll jobs in Michigan in December 2016.
A software update for the UIA’s unemployment benefits computer system, which was implemented in October 2016, introduced a vulnerability that allowed authorized users of the system to access information they otherwise were not allowed to see, according to the Michigan Department of Technology, Management and Budget (DTMB).
The authorized users who potentially had access only include employers and other human resources professionals, not unemployment claimants or the general public, according to DTMB.
UIA spokesperson Dave MURRAY said one of the payroll vendors realized they had access to information that didn’t belong to one of their clients and brought it to the state’s attention.
State officials say it appears the information was not accessed “with malicious intent, but rather was accidentally viewed by employers accessing the system.”
The problem was identified Monday, but has been around since October 2016, when the software update was provided by the computer system’s vendor, FAST Enterprises.
The Michigan State Police Cyber Command Center is investigating the extent of how many people were exposed to the release of personal information.
While the state said as many 1.87 million people could be affected, the total number won’t be known until the investigation is completed.
In the meantime, DTMB spokesperson Caleb BUHS said the best way to find out if you’re a person who could be affected is to figure out if your employer uses a payroll vendor, and if that’s the case, to keep an eye on bank statements and consider pulling a free credit report.
The UIA computer system, also known as the Michigan Data Automated System (MiDAS) is the same one that’s gotten the UIA in hot water for automatically flagging unemployment claimants for fraud, but Murray said today these are two separate issues.
House Minority Leader Sam SINGH (D-East Lansing) said today that “Michigan’s Unemployment Insurance Agency continues to spiral out of control, from wrongly accusing residents of fraud to now potentially failing to protect the sensitive personal information of close to 1.9 million residents.”