Deloitte Consulting failed to take reasonable and adequate measures to protect consumers’ personally identifiable information when designing, building and maintaining multiple states’ unemployment systems, a proposed class action alleges.
Amid the COVID-19 crisis, Deloitte contracted with a number of state agencies, including the Ohio Department of Job and Family Services, Illinois Department of Employment Security and Colorado Department of Labor and Employment, to help administer the federal Pandemic Unemployment Assistance program (PUA), the lawsuit begins. The defendant was tasked by states with designing, building and maintaining web-based portals through which consumers could apply for unemployment benefits and communicate with state officials, the suit says, stressing that Deloitte was entrusted with applicants’ sensitive personal information.
According to the lawsuit, however, Deloitte’s cloud-based PUA portal went live around May 11 without appropriate safeguards to protect unemployment applicants’ personal information against prying eyes.
On May 16, the complaint says, Illinoisacknowledgeda “glitch” in Deloitte’s PUA system that made publicly available the information of some 44,000 workers who applied for benefits on the first day. Then, on May 19, Colorado acknowledged “a limited and intermittent data access issue” that saw some unemployment applicantsgranted accessto others’ private communications with the state, the lawsuit says, claiming the correspondence contained Social Security numbers. According to the suit, 72,000 individuals were affected by the issue.
Further still, Ohio acknowledged via email that unemployment applicants’ Social Security numbers, names and addresses may have beeninadvertently viewedby others, the suit continues. It’s believed 130,000 applicants were affected by this particular glitch, the case says.
Though Deloitte is offering 12 months of free credit monitoring to PUA applicants in Ohio, Colorado and Illinois, those whose information was exposed have sustained concrete injury in that they face a heightened risk of identity theft and fraud, the lawsuit asserts.
The lawsuit looks to cover all U.S. residents whose personally identifiable information was compromised as a result of the Pandemic Unemployment Assistance portal data breach.
ClassAction.org’s coverage of COVID-19 litigation can be found here and over on our Newswire.