Up to 1.87M Michigan workers' info may have been compromised

February 3, 2017 by David Eggert

Social Security numbers and other personal information of up to 1.87 million Michigan workers may have been compromised, the state said Friday.

The problem stemmed from a software update to Michigan's troubled unemployment computer system, state officials said. For roughly 3½ months, it gave third-party payroll vendors and employers unauthorized access to names, wage information and Social Security numbers for a big chunk of the workforce in the state.

"There is no evidence at this time of any wrongdoing by anyone who had the ability to see the personal information, though the investigation continues to ensure the peace of mind for residents potentially affected," said Dave Murray, spokesman for the Unemployment Insurance Agency.

The number of people affected will not be known until the probe is finished. Those at risk include employees whose payroll is processed by one of the 31 third-party vendors that work with the agency—43 percent of Michigan's nearly 4.4 million payroll workers.

The software update was done Oct. 10. State officials said a "vulnerability" was identified Monday by one of the payroll companies; the state blocked unauthorized access that day.

"We are working diligently, 24 hours a day, right now to continue this investigation to determine just exactly who did access this information, who had access to it," said Caleb Buhs, spokesman for the Department of Technology, Management and Budget. He said only authorized users can get into the Michigan Data Automated System—payroll experts who are "used to handling this type of sensitive information."

Officials said if a breach is confirmed, those affected will be notified immediately. They urged people whose employers have payroll vendors to be on the lookout for identity theft by monitoring their personal financial statements for suspicious activity and requesting a free credit report.

The computer program, MiDAS, was created by Fast Enterprises of Centennial, Colorado, and brought online in 2012 as part of a modernization of the state's unemployment benefits and tax system. The software's "robo-adjudication" feature is under scrutiny after it contributed to at least 20,000 people being wrongly flagged for unemployment fraud, in part because of a lack of involvement by state staff in such determinations.

As part of a lawsuit settled Thursday, the Unemployment Insurance Agency agreed to make policy changes. Another suit, which seeks damages for people who were assessed high penalties and suffered other repercussions, is pending in the Michigan Court of Appeals.

Explore further: Quest Diagnostics says 34,000 customer accounts hacked

Related Stories

Breach in fishing license system exposes data in Northwest

August 27, 2016

A breach in a vendor's system that processes online sales of hunting and fishing licenses in Idaho, Oregon and Washington state exposed several million records containing buyers' personal information, officials said Friday.

US tax season fuels surge in email scams

April 4, 2016

As the US tax season draws to a close, authorities are warning of an alarming rise in "phishing" scams designed to steal sensitive personal and financial information.

Recommended for you

Permanent, wireless self-charging system using NIR band

October 8, 2018

As wearable devices are emerging, there are numerous studies on wireless charging systems. Here, a KAIST research team has developed a permanent, wireless self-charging platform for low-power wearable electronics by converting ...

Facebook launches AI video-calling device 'Portal'

October 8, 2018

Facebook on Monday launched a range of AI-powered video-calling devices, a strategic revolution for the social network giant which is aiming for a slice of the smart speaker market that is currently dominated by Amazon and ...


Please sign in to add a comment. Registration is free, and takes less than a minute. Read more

Click here to reset your password.
Sign in to get notified via email when new comments are made.