Unemployment Aid Applicants in Illinois Had Their Personal Data Exposed

• A glitch in the IDES system that received unemployment claim submissions has resulted in data exposure.
• The information that leaked online is sensitive private data like names, IDs, SSNs, and bank account numbers.
• The State of Illinois confirmed the security incident but hasn’t provided numbers or technical details yet.

There are a few things that are worse than being unemployed right now, one of which is being unemployed and having your sensitive personal data exposed online. According to multiple reports from Chicago-based news outlets, the Illinois Department of Employment Security (IDES) has exposed the personal information of an undisclosed number of individuals who had applied onto the state’s system for unemployment claims. As the Democratic Gov. J.B. Pritzker confirmed, there was a glitch in the system that led to the exposure of data, albeit for a very brief period of time.

Pritzker has been on the receiving end of numerous complaints from Illinois citizens during the past few months, as the pandemic crisis has found the state’s systems entirely unprepared. The platform that was meant to receive the unemployment claims was very frequently overwhelmed by the traffic and went offline. At the same time, the agency staff that was expected to handle these applications was not of a sufficient number to carry out the task. The state officials tried to respond to these problems by contracting a private firm that built a new system with additional capabilities and greater capacity. This project was done hastily as it is proven now, resulting in a massive data breach.

The information that a citizen is requested to provide when filing an unemployment claim includes full names, physical addresses, email addresses, bank account details, IDs, social security numbers, and maybe even more. Thus, the people who have been exposed are now running the risk of getting phished, scammed, or fall victims to identity theft actors. While no official numbers were provided to the media, there must be at least a million people who have submitted their unemployment claim requests on the system between March 1 and May 2, 2020.

At the moment, there’s a full-blown investigation going on to help figure out exactly what caused the security incident as well as how many people (and who) were impacted. Since the investigation is still ongoing, the IDES is not yet in a position to provide any further clarifications or technical details. However, the first report of this data having leaked online comes from last week, and proving screenshots are already circulating online. That said, there is no time margin for the authorities to inform the citizens as the data is already out there. Over the weekend, State Rep. Terri Bryant sent a letter to the governor’s office, urging them to answer the following four questions immediately:

1. Is IDES aware of any potential data breach involving the personal information of thousands of Illinoisans that have applied for unemployment?
2. Is Governor Pritzker or his staff aware of any potential breach involving the personal information of thousands of Illinoisans that have applied for unemployment?
3. How long was the personal information of unemployment applicants available for other applicants to see?
4. Has the problem been resolved? Is there any possibility that thousands of Illinoisans that have applied for unemployment assistance through the IDES website have had their identity compromised?

For now, the above questions remain unanswered, but pressure from the media, people, and other political persons is mounting.