[BreachExchange] Hackers leak over 20, 000 unemployment applicants bank information

Destry Winant destry at riskbasedsecurity.com
Tue May 19 09:53:26 EDT 2020 

https://www.fox13memphis.com/news/local/hackers-leak-over-20000-unemployment-applicants-bank-information/OL2CZV7GM5DLLPPI3QTPCHDRNM/

ARKANSAS — The COVID-19 pandemic has caused tough times for many.

The Arkansas Division of Workforce Services is working to provide some
hope for self-employed workers and independent contractors with
Pandemic Unemployment Assistance.

Those who have applied for this, though, may have had their personal
information comprised.

According to a report by the Arkansas Times the social security
numbers, bank account and routing numbers of around 30,000 people have
been exposed.

A computer programmer who was applying for unemployment noticed
information being exposed, reports say.

According to reports, the Division of Workforce was notified of the
breach Friday morning.

The website was then shut down later that day.

Arkansas Governor Asa Hutchinson addressed this issue at a press conference.

He said, “It was necessary to shut the system down. These steps have
been taken consistent with our state requirements for any potential
data breach".

Governor Hutchinson said the investigation has started.

Applicants who may be impacted will be notified.

If necessary, they’ll be able to use a credit monitoring program.

“Our protocols is that Law enforcement is notified of the breach. We
obviously notify our cyber insurance carrier. Forensics are currently
being conducted by an outside IT expert that we want to make sure that
the system is in good shape before it goes back online," Hutchinson
said.

FOX13 accessed the unemployment assistance page and it is back up and running.

Governor Hutchison said there are over 100 people working this weekend
to make sure payments are dispersed.

In a statement, the Arkansas division of work services said:

“Yesterday, we learned of a system vulnerability impacting the
division of workforce services’ pandemic unemployment assistance
application system and have disconnected outside access to the pua
network. Adws is committed to completing a full forensic review and
will take all appropriate action in response to our findings.”

More information about the BreachExchange mailing list