in Newswire Published on June 1, 2020

Deloitte Rolled Out Pandemic Unemployment Assistance Portals Without Proper Data Protections, Class Action Claims

by Corrado Rizzi

View Comments

Alexander v. Deloitte Consulting, LLP

Filed: May 29, 2020 § 1:20-cv-04129

Read Complaint

A class action claims at least three states' unemployment benefits portals set up by Deloitte Consulting exposed applicants' personally identifiable information.

Defendant(s)

Deloitte Consulting, LLP

Law(s)

State(s)

New York

Categories

Business/Finance Privacy Data Breach COVID-19

Deloitte Consulting failed to take reasonable and adequate measures to protect consumers’ personally identifiable information when designing, building and maintaining multiple states’ unemployment systems, a proposed class action alleges.

Amid the COVID-19 crisis, Deloitte contracted with a number of state agencies, including the Ohio Department of Job and Family Services, Illinois Department of Employment Security and Colorado Department of Labor and Employment, to help administer the federal Pandemic Unemployment Assistance program (PUA), the lawsuit begins. The defendant was tasked by states with designing, building and maintaining web-based portals through which consumers could apply for unemployment benefits and communicate with state officials, the suit says, stressing that Deloitte was entrusted with applicants’ sensitive personal information.

According to the lawsuit, however, Deloitte’s cloud-based PUA portal went live around May 11 without appropriate safeguards to protect unemployment applicants’ personal information against prying eyes. 

On May 16, the complaint says, Illinois acknowledged a “glitch” in Deloitte’s PUA system that made publicly available the information of some 44,000 workers who applied for benefits on the first day. Then, on May 19, Colorado acknowledged “a limited and intermittent data access issue” that saw some unemployment applicants granted access to others’ private communications with the state, the lawsuit says, claiming the correspondence contained Social Security numbers. According to the suit, 72,000 individuals were affected by the issue.

Further still, Ohio acknowledged via email that unemployment applicants’ Social Security numbers, names and addresses may have been inadvertently viewed by others, the suit continues. It’s believed 130,000 applicants were affected by this particular glitch, the case says.

Though Deloitte is offering 12 months of free credit monitoring to PUA applicants in Ohio, Colorado and Illinois, those whose information was exposed have sustained concrete injury in that they face a heightened risk of identity theft and fraud, the lawsuit asserts. 

The lawsuit looks to cover all U.S. residents whose personally identifiable information was compromised as a result of the Pandemic Unemployment Assistance portal data breach.

ClassAction.org’s coverage of COVID-19 litigation can be found here and over on our Newswire.

Sign up for ClassAction.org’s newsletter here.

Case Spotlight

Hair Relaxer Lawsuits

Women who developed ovarian or uterine cancer after using hair relaxers such as Dark & Lovely and Motions may now have an opportunity to take legal action.

Read more here: Hair Relaxer Cancer Lawsuits

ClassAction.org Newsletter

Stay Current

Sign Up For
Our Newsletter

New cases and investigations, settlement deadlines, and news straight to your inbox.

This browser does not support PDFs. Please download the PDF to view it: Download PDF.
Open Document
Last Updated on June 1, 2020 — 3:06 PM

Corrado Rizzi

corrado@classaction.org

Corrado Rizzi is the Senior Managing Editor of ClassAction.org.

About ClassAction.org

ClassAction.org is a group of online professionals (designers, developers and writers) with years of experience in the legal industry.

Learn More

Before commenting, please review our comment policy.