State of Colorado Pandemic Unemployment System Compromised

State of Colorado Pandemic Unemployment System Compromised

 

The State of Colorado has issued a statement indicating that their Pandemic Unemployment System was compromised over the weekend. The agency that handles Colorado Unemployment Assistance Insurance has offered affected individuals a year of free credit monitoring.

In the official State of Colorado email, the state indicated that they were “notified by our vendor” of the issue; although they did not name the vendor, it is likely that it is Deloitte. We base this educated guess on it being Deloitte based on a number of factors, including this report from a summit this past summer, which includes the statement “Joined by David McCurdy, chief technology officer (CTO) at the State of Colorado, Deloitte presented how the state migrated their integrated eligibility system, Colorado Benefits Management System (CBMS), to AWS”; and this government contract between the State of Colorado and Deloitte signed in June of 2017.

UPDATE: It has now been confirmed that the vendor was indeed Deloitte. In a statement quoted in the Colorado Sun, Cher Haavind of the Colorado Departyment of Labor explains that it was a technical error in which Deloitte accidentally gave some users ‘privileged functions’ (such as, for example, superuser privileges – our example, not one provided by Colorado or Deloitte), which allowed those users access to a search function to which they should not have had access, and allowing them to search through data belonging to other users. They had that access for nearly 2 weeks (from May 2nd through May 15th).


Explains Haavind, “The vendor discovered that a searchable screen was visible and that fewer than six people had temporary access.”

The bottom line in terms of this incident is that for nearly two weeks, some users of the Colorado Pandemic Unemployment System were able to view the personal data belonging to other users of the system.

And so, of course, the issue isn’t so much how many people could see the data of others, but rather how many people’s data did those six people have access to, and how many records with the personal data of other users did they actually access? For that, the state (so far) ain’t saying.

No Paywall Here!
The Internet Patrol is and always has been free. We don't hide our articles behind a paywall, or restrict the number of articles you can read in a month if you don't give us money. That said, it does cost us money to run the site, so if something you read here was helpful or useful, won't you consider donating something to help keep the Internet Patrol free?
Click for amount options
Other Amount:
What info did you find here today?:
Get notified of new Internet Patrol articles for free!

Here’s what they are saying.

Email from Colorado Pandemic Unemployment Assistance Program Regarding Compromised User Accounts

Pandemic Unemployment Assistance

On Saturday, May 16th, we were notified by our vendor of a limited and intermittent data access issue where a handful of individuals within the new Pandemic Unemployment Assistance application were inadvertently able to view other claimants’ correspondence. The unauthorized access was identified and blocked within one hour. Although there is no evidence of any widespread data compromise, out of an abundance of caution we are offering you the option of enrolling in 12 months of free credit monitoring.

 

If you would like to enroll, please complete your request at the link below within 45 days (July 2, 2020). Once you submit your request, you will be emailed further instructions within 5 business days. Please know that we hold the confidentiality of your data in the highest regard and our vendor took immediate steps to prevent any unauthorized access in the future

No Paywall Here!
The Internet Patrol is and always has been free. We don't hide our articles behind a paywall, or restrict the number of articles you can read in a month if you don't give us money. That said, it does cost us money to run the site, so if something you read here was helpful or useful, won't you consider donating something to help keep the Internet Patrol free?
Click for amount options
Other Amount:
What info did you find here today?:

People also searched for pandemic unemployment assistance for colorado, colorado pandemic unemployment assistance, how they determine pandemic unemployment amount in colorado, Was colorado unemployment hacked?, colorado pandemic unemployment assistance program, How is the state of colorado checking unemployment accounts, what does pending issue for colorado pandemic unemployment mean
Summary
State of Colorado Pandemic Unemployment System Compromised
Article Name
State of Colorado Pandemic Unemployment System Compromised
Description
The State of Colorado has issued a statement indicating that their Pandemic Unemployment System was compromised over the weekend.

Leave a Reply

Your email address will not be published. Required fields are marked *