A potential vulnerability in the Unemployment Insurance Portal was reported to the Education and Workforce Development Cabinet’s (EWDC) Office of Technology Services (OTS) on April 23, 2020, at 9:17 a.m.
According to the report, some Unemployment Insurance (UI) claimants could have been able to view the identity verification documents uploaded by other UI claimants. To date, no reports of identity theft or financial harm have been received.
Working with the Kentucky Commonwealth Office of Technology (COT), OTS prevented any further incidents by taking the UI Portal completely offline at 11:30 a.m. By noon, OTS had changed the system to ensure no one was able to view any uploaded documents. By midnight, the security team had patched the software to correct the problem permanently.
Deputy Secretary Josh Benton said, “Nothing is more important than keeping Kentuckians safe during the COVID-19 crisis. That includes keeping their information safe.”
Due to the way those uploaded documents are processed, it is impossible to determine how many of those documents may have been viewable in the claimants’ accounts at the time of this incident. While the likelihood of harm is very low, UI claimants whose personal information may have been compromised will receive a letter or email from EWDC in the next week notifying them that they could have been impacted.
EWDC will continue to work with its OTS team and partners to keep the data of Kentuckians safe.
For more information, please visit kcc.ky.gov.