Welcome to the Senate Republican Press Search.

View Article Details

Print

St. Clair County woman files lawsuit against firm in IDES breach

Carbondale Southern Illinoisan

Friday, June 19, 2020  |  Article  |  REBECCA ANZEL Capitol News Illinois

Fraud, ID Theft, Con Artists (6) , Unemployment (93)

SPRINGFIELD — The firm contracted to launch an unemployment claims portal is solely responsible for a data breach that made available almost 33,000 Illinoisans’ personal information, a St. Clair County resident has alleged in a federal lawsuit.

The state Department of Employment Security announced on May 18 that the web-based system built and maintained by Deloitte Consulting LLP – an international business services company – to process some unemployment claims allowed public access of applicants’ names, Social Security numbers and street addresses.

That online portal serviced Illinoisans applying for the federal Pandemic Unemployment Assistance program, designed to provide benefits to independent contractors affected by the novel coronavirus pandemic and who are not typically covered by unemployment insurance.

State Rep. Terri Bryant exposed the data breach after receiving a phone call from a constituent. She says she is hoping for "answers to very disturbing questions that continue to swirl around IDES and this administration."

"Having spoken to the person IDES says was the only person to breach the system and in having seen the screenshots of the exposed data, I for one find it impossible to believe that individual was the only person to breach the system," Bryant said in an emailed statement to The Southern. "That individual is no hacker. If she did it accidentally, then hackers had the ability to access sensitive information of unemployment applicants every day from May 11 to May 15.

"I contend, someone, somewhere is covering up a massive data breach."

According to the lawsuit filed by St. Clair County resident Briana Julius, at least three other states — Ohio, Colorado and Arkansas — also contracted Deloitte to construct similar portals. Within five days of notice that Illinois’ system was compromised, both Colorado and Ohio made announcements their portals had the same flaw.

Deloitte was “negligent,” Julius alleges, by “actively mishandling” that information. She is suing on behalf of herself and all other Americans who might have been harmed, and is asking a judge to allow a jury trial.

The case is requesting the court find that Deloitte acted in an “unlawful” manner and establish a number of security measures, including safeguards for personal information, tests by “third-party security auditors” and encryption of all sensitive data. Damages could “exceed” $5 million, according to the lawsuit, when considering all Americans who were affected.

On May 21, the company sent Julius a letter alerting her that while sensitive information may have been exposed, “based upon (an) investigation, there is no indication that your personal information was improperly used or is likely to be misused.”

“Out of an abundance of caution,” Deloitte offered Julius a one-year credit monitoring program subscription. She alleged that proposal is equivalent to the company recognizing “the imminent harm caused by the data breach.”