Cyber hackers have attacked Florida’s unemployment benefits website and may have accessed sensitive personal information that belongs to nearly 58,000 Floridians who hold accounts with the state Department of Economic Opportunity, the agency has acknowledged.
The DEO said it learned of a “data security incident” on July 16 against its CONNECT system and took several steps to protect client accounts, which included locking those accounts and notifying the potential victims.
In a statement to the South Florida Sun Sentinel, spokesman Andrew Nixon said that “malicious actors” may have accessed information including Social Security numbers, driver’s license numbers, bank account numbers, claims information “and other personal details, such as address, phone number, and date of birth.”
On top of that, the intruders may have acquired the PIN that people use to access their accounts. Nixon said a total of 57,920 were targeted between April 27 and July 16 of this year.
Nixon did not identify the “actors” and did not say how they accessed the DEO system at a time when the agency was actively monitoring CONNECT for alleged fraudulent jobless benefit filings and other illegal activity. Since early this year, the agency has sought to screen its system for ID thieves who have stolen account information and filed bogus claims for weekly government benefits.
According to an agency dashboard, the DEO currently has more than 50,000 claims flagged for “fraud detection.”
Nixon said the agency has taken the following steps:
•Locked the targeted accounts.
•Improved PIN security controls.
•Enhanced network security controls.
•Notified the affected people.
•Notified the Department of Legal Affairs, Department of Management Services, including the Division of State Technology, and the Florida Department of Law Enforcement;
•Reported affected accounts to the three U.S. credit reporting agencies.
•Purchased a year’s subscription of identity protection services for affected claimants.
“There is no evidence of any other unauthorized access and no indication of related malicious activity on the department’s internal networks,” Nixon said.
Last spring, the agency hired ID.me, an identity verification company based in McLean, Virginia, to help confirm the identities of agency clients when they seek to access their CONNECT accounts. But it was not hired to specifically block hackers.
Nixon said the department is recommending that the affected people “monitor their financial accounts, and if they see any unauthorized activity, they should promptly contact their financial institution.”
They also may contact the Federal Trade Commission by calling 1-877-ID-THEFT (1-877-438-4338) or online at www.ftccomplaintassistant.gov/.
The agency also recommends that its clients contact the three U.S. credit reporting agencies — Equifax, Experian and TransUnion — to obtain a free credit report from each by calling 1-877-322-8228 or by logging onto www.annualcreditreport.com.
© 2021 South Florida Sun Sentinel Distributed by Tribune Content Agency, LLC