Cybersecurity

Florida’s unemployment agency leaked Social Security data last month

Florida, which decommissioned its centralized IT agency last year, has compromised the personal information of 98 unemployment insurance applicants.

By Colin Wood

May 22, 2020

(Getty Images)

The Florida Department of Economic Opportunity earlier this month notified 98 residents who’d applied for unemployment insurance that their names and Social Security numbers had been compromised.

In a May 8 letter addressed to the affected users, the department wrote: “Information associated with a claim submitted under your name was unintentionally sent to a private email server owned by a third party performing work on the agency’s behalf,” WFTV reported. No banking information was included in the leak, which reportedly occurred sometime in April, and affected users are being offered free identity protection services.

“We have notified individuals that were part of a data security incident associated with Reemployment Assistance claims,” reads a statement shared by the economic opportunity department. “This issue was addressed within 1 hour after we became aware of the incident. While the incident was handled within 1 hour, in an abundance of caution, we are making available identity protection services at no charge to affected individuals, and we have also advised them to report any unauthorized activity on their financial accounts. At this time, we have not received any reports of malicious activity.”

The incident is the third such accidental data disclosure by a state unemployment agency to become public in recent days. The Arkansas Division of Workforce Services briefly shut down its unemployment benefits system earlier this month after discovering it had accidentally exposed the Social Security numbers, banking information and other personal details of about 30,000 residents. The office of Illinois Gov. J.B. Pritzker also recently announced that a glitch in the state’s new unemployment system “made some private information publicly available for a short time.”

Florida decommissioned its centralized IT agency, the Agency for State Technology, last year, opting instead to form a new technology office housed under the state’s Department of Management Services. A common function of centralized state technology departments is to train employees on cybersecurity and privacy considerations and to enforce standardized cybersecurity governance across state agencies to ensure that data leaks do not occur.

News of Florida’s leak arrives as states across the country rush forward upgrades to their legacy IT systems to meet sudden widespread demand for unemployment assistance. The national unemployment rate rose to 14.7% last month, with the worst affected states showing figures even higher. Nevada’s unemployment rate has spiked to 28.2% and Michigan has 22.7% unemployment, according to the latest data published by the Bureau of Labor Statistics.