Ohio Department of Jobs and Family Services Points Finger At Deloitte For Security Breach
By David H.
As of May 12, 2020, the Ohio Department of Job and Family Services (ODJFS) declared the pre-registration of the Pandemic Unemployment Assistance (PUA) program open. On May 20, 2020, ODJFS informed applicants of their contracted company Deloitte, discovering close to 24 names, social security numbers, and street addresses of PUA applicants for unemployment compensation benefits were visible to other unemployment claimants on May 15, 2020.
Deloitte states they began an investigation and, upon discovering the exposure, immediately took steps to stop further access. Deloitte strongly suggests applicants monitor their credit by obtaining a copy of their credit report from one of the three national credit bureaus to reduce their chances of further exposure to their personal information.
Here is the exclusive email obtained by one of our dedicated readers:
Dear PUA Applicant:
Deloitte Consulting is currently under contract with the Ohio Department of Job and Family Services (ODJFS) to assist the state of Ohio in administering the Pandemic Unemployment Assistance (PUA) program. Deloitte discovered on May 15, 2020, that your name, Social Security number, and street address pertaining to your application for and receipt of unemployment compensation benefits inadvertently had the capability to be viewed by other unemployment claimants. Thereafter, Deloitte immediately began an investigation and upon discovering the exposure, Deloitte immediately took steps to stop further access to and exposure of your personal information.
At this time, there is no evidence or indication to believe that your personal information was improperly used; therefore, our actions, as well as the actions you may want to consider, are preventative.
As a precaution, you may want to monitor your credit by obtaining a copy of your credit report from one of the three national credit bureaus. Federal law entitles every individual to one free credit report per year from each of the three main bureaus.
You may also have a fraud alert placed on your consumer credit file by contacting one of the national credit bureaus. Once one credit bureau places a fraud alert on your credit file, it notifies the other two bureaus. Fraud alerts are typically in effect for 90 days but can be renewed. The credit bureaus may be contacted at:
Equifax: (800) 525-6285 (http://www.equifax.com)
Experian: (888) 397-3742 (http://www.experian.com)
TransUnion: (800) 680-7289 (http://www.tuc.com)
Additionally, Ohio law allows you to place a security freeze on your credit report by contacting one of the bureaus listed above. Should you wish to open a new line of credit while your report is frozen, you may temporarily lift this security freeze by telephone or online by providing a security code. Credit reporting agencies may charge a fee of no more than $5 for each freeze and unfreeze of your report.
If you wish to receive free Experian IdentityWorks identity protection services for the next 12 months, you will receive a follow-up email with enrollment details that will be sent to you via Deloitte or directly from Experian within 3-5 days.
Finally, to find out more about protecting your personal information, visit the Ohio Attorney General’s Identity Theft protection page (http://www.ohioattorneygeneral.gov/IdentityTheft) and/or the Federal Trade Commission’s identity theft assistance page (https://www.consumer.ftc.gov/features/feature-0014-identity-theft).
We apologize for any concerns or inconvenience as a result of this unauthorized incident. Please be assured that we take very seriously our responsibility to safeguard the personal information you entrust to our care, and deeply regret that this incident occurred.
If you have questions or concerns that remain unaddressed after reviewing this information, please email DeloitteIdentityhelp@jfs.ohio.gov.
For those in Ohio who want to contact Deloitte directly for more information:
180 East Broad Street
Follow us on Twitter today.