State says data breached in unemployment system, impacts thousands
Florida Department of Economic Opportunity confirmed with WINK News Friday claimant accounts were breached during potentially fraudulent activity within the CONNECT unemployment system recently.
According to DEO, it discovered July 16 that “information contained in the claimant account may have been accessed, including the following: Social Security number, driver’s license number, bank account numbers, claim information, and other personal details, such as address, phone number, and date of birth. In addition, the malicious actors may have acquired the account PIN that claimants use to access their CONNECT account.”
DEO says hackers were targeting claimant accounts through the CONNECT public claimant portal. A total of 57,920 claimant accounts were targeted. These targeted accounts might have been accessed by an unauthorized party. This activity might have occurred between April 27 and July 16.
DEO says there is no evidence of any other unauthorized access and no indication of related malicious activity on the department’s internal networks.
DEO did not originally make a public announcement after the time period when DEO says the breach occurred. Vanessa Brito, an unemployment advocate, tweeted Friday, claimants affected by the breach are now receiving email alerts from DEO.
DEO did not announce or alert us regarding this data breach. Now, those affected by the breach are receiving the email below.
The data breach occurred between 4/27/21 & 7/16/21and compromised personal informationike social security numbers and banking information.
— Vanessa Brito (@VanessaBritoMia) July 23, 2021
In response, the department has:
- Locked accounts targeted by this activity;
- Improved PIN security controls;
- Enhanced network security controls;
- Notified impacted claimants;
- Notified the Department of Legal Affairs, Department of Management Services, including the Division of State Technology, and the Florida Department of Law Enforcement;
- Reported impacted accounts to the three U.S. credit reporting agencies; and
- Purchased a year’s subscription of identity protection services for affected claimants.
DEO recommends impacted claimants monitor their financial accounts, and if they see any unauthorized activity, they should promptly contact their financial institution. Claimants can contact the Federal Trade Commission (FTC) by calling 1-877-ID-THEFT (1-877-438-4338) or online at www.ftccomplaintassistant.gov/. The department is also recommending claimants contact the three U.S. credit reporting agencies (Equifax, Experian and TransUnion) to obtain a free credit report from each by calling 1-877-322-8228 or by logging onto www.annualcreditreport.com.