A contractor hired to create, implement and maintain a secure website for the Arkansas Division of Workforce Services (ADWS) amid the coronavirus crisis has “negligently and recklessly” exposed the personal information of roughly 30,000 Pandemic Unemployment Assistance (PUA) applicants, a proposed class action lawsuit alleges.
According to the 25-page complaint, defendant Protech Solutions was tasked by Arkansas to create and roll out a secure website portal through which self-employed and gig workers in the state could apply for unemployment benefits—PUA—during the COVID-19 pandemic. Per the suit, the contract between the defendant and ADWS provided that Protech would receive $3 million to create, implement and maintain the PUA website, host it on a secure/encrypted platform, and monitor for potential breaches to protect the sensitive information uploaded to the site.
The lawsuit alleges, however, that Protech’s failure to create and implement a secure website has, “at one of the worst times in the lives of Plaintiffs and Class members,” put approximately 30,000 unemployed Arkansas workers’ identities and credit at risk after a May 2020 data breach compromised Social Security numbers, birthdays and banking information.
After ADWS learned of the data breach on May 15, the agency took the PUA application system offline, according to the suit. Six days later, ADWS notified the plaintiffs and proposed class members of the incident, informing the workers that they were eligible for complimentary credit monitoring and identity restoration services for one year, the case says. As the suit tells it, even after the issue was apparently fixed, matters did not improve for PUA applicants.
“As a result of the Data Breach, the PUA Application system was temporarily shut down,” the complaint reads. “Even after the PUA Application System was back up and running, Plaintiffs and other Class members were and are still locked out of their accounts pending a ‘fraud review.’”
The plaintiffs assert that those affected by the data breach “must now be vigilant and review their credit reports” for any sign of identity theft, as well as educate themselves on the specifics of security freezes, fraud alerts, and other protection measures.
The suit’s filing comes on the heels of a May 29 proposed class action that alleged Deloitte Consulting similarly failed to protect the personally identifiable information of those who applied for pandemic-related unemployment assistance in Ohio, Illinois and Colorado.
Initially filed in Pulaski County Circuit Court, the lawsuit was removed to Arkansas federal court on July 21.
ClassAction.org’s coverage of COVID-19 litigation can be found here and over on our Newswire.