Colorado’s computerized unemployment system inadvertently exposed private data of an unknown number of people who had recently filed for unemployment.
The unauthorized access was blamed on a programming error made by the technology vendor. The issue was identified and blocked by the vendor within an hour of when it was noticed on Saturday. State officials said there is no evidence that the data compromise was widespread or related to a malicious hacking attempt.
But just in case, the state is offering 12 months of credit monitoring to the 72,000 people on Pandemic Unemployment Assistance, the federal unemployment benefit offered for the first time to gig workers, independent contractors and the self-employed. Users were notified on Monday.
People on state-funded unemployment were not affected.
According to Cher Haavind, the deputy executive director of the Colorado Department of Labor and Employment, this “wasn’t intentional or fraudulent, nor was it a result of hacking.”
She said that it was a technical error by the system’s vendor, Deloitte. Essentially, Deloitte, which provides similar technology to other states, mistakenly gave users privileged functions beyond the role of a regular claimant. It allowed users to search and potentially see another claimant’s “correspondence,” which could include a name and Social Security number.