Welp, that didn’t take long:
Deloitte Consulting LLP was hit with two suits by people who claim their personal information was exposed on state websites the firm built to administer supplemental coronavirus unemployment benefits.
A group of Ohio residents sued Deloitte late Thursday in Manhattan federal court, after officials in that state, Illinois and Colorado disclosed that personal information from benefit applicants, including home addresses and social security numbers, was exposed to other users of the system. Another group of Ohioans sued Deloitte in state court in Cleveland. Both suits are proposed class actions.
Deloitte build all three state web portals for laid-off residents to apply for benefits under the Pandemic Unemployment Assistance program passed as part of the $2 trillion federal coronavirus relief bill. The program pays an additional $600 a week to recipients on top of their state unemployment insurance payments.
The lawsuit filed in Manhattan federal court, Culbertson et al v. Deloitte Consulting LLP, names Paul Culbertson, Timothy Sylvester, and William Gibson as plaintiffs. The other lawsuit filed in Cleveland, Bozin v. Deloitte Consulting LLP, names Daniel Bozin, Timothy Smith, and Alexandria Polichena as plaintiffs, according to Cleveland.com.
The Ohio Department of Job and Family Services said a technical glitch resulted in 26 PUA users viewing other users’ personal info on May 15 before the cybersecurity gurus from Deloitte Consulting finished scratching their heads and figured out what the hell had happened.
ODJFS Director Kimberly Hall told Cleveland.com on May 21 that the agency didn’t find evidence of widespread compromise.
Deloitte said it would offer free credit monitoring services to all PUA applicants in Ohio for a year. But according to Cleveland.com, Bozin, Smith, and Polichena all bought credit and identity monitoring through LifeLock, and intend to close their financial accounts in case they were compromised, the state lawsuit says. In the other lawsuit, Culbertson, Sylvester, and Gibson have changed account passwords, reviewed bank and credit card statements, and filed reports with the Federal Trade Commission, among other things, “to protect themselves and their property in an effort to avoid becoming a victim of identity fraud,” according to Bloomberg.
The plaintiffs in both lawsuits are seeking an unspecified amount in damages.
No word yet on who will be called in from Deloitte’s storage closet of attorneys to protect the honor of Big D.
Deloitte Sued Over Pandemic Unemployment Website Data Breaches [Bloomberg]
Attorneys for Ohio residents file lawsuit over data leak that compromised personal info of unemployment claimants [Cleveland.com]