Up to 1.87M Michigan workers' info may have been compromised

February 3, 2017 by David Eggert

Social Security numbers and other personal information of up to 1.87 million Michigan workers may have been compromised, the state said Friday.

The problem stemmed from a software update to Michigan's troubled unemployment computer system, state officials said. For roughly 3½ months, it gave third-party payroll vendors and employers unauthorized access to names, wage information and Social Security numbers for a big chunk of the workforce in the state.

"There is no evidence at this time of any wrongdoing by anyone who had the ability to see the personal information, though the investigation continues to ensure the peace of mind for residents potentially affected," said Dave Murray, spokesman for the Unemployment Insurance Agency.

The number of people affected will not be known until the probe is finished. Those at risk include employees whose payroll is processed by one of the 31 third-party vendors that work with the agency—43 percent of Michigan's nearly 4.4 million payroll workers.

The software update was done Oct. 10. State officials said a "vulnerability" was identified Monday by one of the payroll companies; the state blocked unauthorized access that day.

"We are working diligently, 24 hours a day, right now to continue this investigation to determine just exactly who did access this information, who had access to it," said Caleb Buhs, spokesman for the Department of Technology, Management and Budget. He said only authorized users can get into the Michigan Data Automated System—payroll experts who are "used to handling this type of sensitive information."

Officials said if a breach is confirmed, those affected will be notified immediately. They urged people whose employers have payroll vendors to be on the lookout for identity theft by monitoring their personal financial statements for suspicious activity and requesting a free credit report.

The computer program, MiDAS, was created by Fast Enterprises of Centennial, Colorado, and brought online in 2012 as part of a modernization of the state's unemployment benefits and tax system. The software's "robo-adjudication" feature is under scrutiny after it contributed to at least 20,000 people being wrongly flagged for unemployment fraud, in part because of a lack of involvement by state staff in such determinations.

As part of a lawsuit settled Thursday, the Unemployment Insurance Agency agreed to make policy changes. Another suit, which seeks damages for people who were assessed high penalties and suffered other repercussions, is pending in the Michigan Court of Appeals.

Explore further: Quest Diagnostics says 34,000 customer accounts hacked

Related Stories

Breach in fishing license system exposes data in Northwest

August 27, 2016

A breach in a vendor's system that processes online sales of hunting and fishing licenses in Idaho, Oregon and Washington state exposed several million records containing buyers' personal information, officials said Friday.

US tax season fuels surge in email scams

April 4, 2016

As the US tax season draws to a close, authorities are warning of an alarming rise in "phishing" scams designed to steal sensitive personal and financial information.

Recommended for you

Cryptocurrency rivals snap at Bitcoin's heels

January 14, 2018

Bitcoin may be the most famous cryptocurrency but, despite a dizzying rise, it's not the most lucrative one and far from alone in a universe that counts 1,400 rivals, and counting.

Top takeaways from Consumers Electronics Show

January 13, 2018

The 2018 Consumer Electronics Show, which concluded Friday in Las Vegas, drew some 4,000 exhibitors from dozens of countries and more than 170,000 attendees, showcased some of the latest from the technology world.

Finnish firm detects new Intel security flaw

January 12, 2018

A new security flaw has been found in Intel hardware which could enable hackers to access corporate laptops remotely, Finnish cybersecurity specialist F-Secure said on Friday.

0 comments

Please sign in to add a comment. Registration is free, and takes less than a minute. Read more

Click here to reset your password.
Sign in to get notified via email when new comments are made.