[BreachExchange] Deloitte Sued Over Pandemic Unemployment Website Data Breaches

[Destry Winant]

https://news.bloomberglaw.com/privacy-and-data-security/deloitte-sued-over-pandemic-unemployment-website-data-breaches

Deloitte Consulting LLP was hit with two suits by people who claim
their personal information was exposed on state websites the firm
built to administer supplemental coronavirus unemployment benefits.

A group of Ohio residents sued Deloitte late Thursday in Manhattan
federal court, after officials in that state, Illinois and Colorado
disclosed that personal information from benefit applicants, including
home addresses and social security numbers, was exposed to other users
of the system. Another group of Ohioans sued Deloitte in state court
in Cleveland. Both suits are proposed class actions.

Deloitte build all three state web portals for laid-off residents to
apply for benefits under the Pandemic Unemployment Assistance program
passed as part of the $2 trillion federal coronavirus relief bill. The
program pays an additional $600 a week to recipients on top of their
state unemployment insurance payments.

Deloitte didn’t immediately respond to emails seeking comment on the suits.

The applicants “have been forced to take multiple precautionary steps
to protect themselves and their property in an effort to avoid
becoming a victim of identity fraud,” the New York complaint said.
These include changing account passwords, reviewing bank and credit
card statements, filing reports with the Federal Trade Commission and
taking extra precaution with emails from unknown senders, according to
the suit.

The suits seek unspecified damages and orders requiring Deloitte to
take steps to protect the applicants from possible identity theft.

The cases are: Culbertson v. Deloitte Consulting LLP, 20-cv-03962,
U.S. District Court, Southern District of New York (Manhattan); Bozin
v. Deloitte Consulting LLP, CV 20 932778, Ohio Court of Common Pleas,
Cuyahoga County (Cleveland).