Skip to content ↓ | Skip to navigation ↓

Government officials said that a glitch in the State of Illinois’ Pandemic Unemployment Assistance (PUA) program exposed thousands of people’s Social Security Numbers (SSNs) and other private data.

Jordan Abudayyeh, a spokesperson for Illinois Governor J. B. Pritzer, sent a statement to WBEZ on May 16. In it, she revealed that the Illinois Department of Employment Security (IDES) had learned of a security incident involving its PUA program. As quoted by WBEZ:

[IDES is] aware there was a glitch in the new PUA system that made some private information publicly available for a short time and worked to immediately remedy the situation…. A full investigation is under way to assess exactly what happened and how many people were impacted. Those who were impacted will be notified.

According to additional reporting by WBEZ, the issue first became apparent when a small business owner attempted to apply for benefits through the PUA program. She was surprised when she found “thousands and thousands” of Social Security Numbers and other private information displayed upon the initiative’s website. She responded by taking screenshots of PUA applicants’ exposed data and sharing those images with her local representative as well as with a member of Pritzer’s cabinet.

The woman consented to an interview with WBEZ on the condition of anonymity, as she feared that negative media coverage could hurt her application for unemployment benefits.

Pritzer’s office didn’t disclose the number of PUA applicants affected by the security incident. However, it did explain that it had fixed the “limited” problem quickly and that it had taken steps to prevent similar issues from arising in the future.

IDES also partnered with Deloitte to respond to people’s concerns and to further investigate the incident, reported WREX.

News of this security incident arrived approximately two months after a public health department in Illinois went down after the agency suffered a NetWalker ransomware attack.

The Executive's Guide to the Top 20 Critical Security Controls