Up to 1.87M Michigan workers' info may have been compromised

February 3, 2017 by David Eggert

Social Security numbers and other personal information of up to 1.87 million Michigan workers may have been compromised, the state said Friday.

The problem stemmed from a software update to Michigan's troubled unemployment computer system, state officials said. For roughly 3½ months, it gave third-party payroll vendors and employers unauthorized access to names, wage information and Social Security numbers for a big chunk of the workforce in the state.

"There is no evidence at this time of any wrongdoing by anyone who had the ability to see the personal information, though the investigation continues to ensure the peace of mind for residents potentially affected," said Dave Murray, spokesman for the Unemployment Insurance Agency.

The number of people affected will not be known until the probe is finished. Those at risk include employees whose payroll is processed by one of the 31 third-party vendors that work with the agency—43 percent of Michigan's nearly 4.4 million payroll workers.

The software update was done Oct. 10. State officials said a "vulnerability" was identified Monday by one of the payroll companies; the state blocked unauthorized access that day.

"We are working diligently, 24 hours a day, right now to continue this investigation to determine just exactly who did access this information, who had access to it," said Caleb Buhs, spokesman for the Department of Technology, Management and Budget. He said only authorized users can get into the Michigan Data Automated System—payroll experts who are "used to handling this type of sensitive information."

Officials said if a breach is confirmed, those affected will be notified immediately. They urged people whose employers have payroll vendors to be on the lookout for identity theft by monitoring their personal financial statements for suspicious activity and requesting a free credit report.

The computer program, MiDAS, was created by Fast Enterprises of Centennial, Colorado, and brought online in 2012 as part of a modernization of the state's unemployment benefits and tax system. The software's "robo-adjudication" feature is under scrutiny after it contributed to at least 20,000 people being wrongly flagged for unemployment fraud, in part because of a lack of involvement by state staff in such determinations.

As part of a lawsuit settled Thursday, the Unemployment Insurance Agency agreed to make policy changes. Another suit, which seeks damages for people who were assessed high penalties and suffered other repercussions, is pending in the Michigan Court of Appeals.
