DTMB Investigating Potential Release of Sensitive Information in Unemployment Computer System

Contact: Caleb Buhs - buhsc@michigan.gov
Agency: Technology, Management & Budget

Feb. 3, 2017


The Department of Technology, Management and Budget and the Unemployment Insurance Agency have identified a potential release of personal identifiable information for individuals whose payroll is processed by a third-party vendor.

A software update implemented in October 2016 that was provided and performed by the vendor supporting the unemployment benefits computer system introduced a vulnerability that allowed authorized users of the Michigan Data Automated System (MiDAS) to access Social Security numbers and names they were not authorized to view. The authorized users who potentially had access only include employers and other human resources professionals, not unemployment claimants or the general public.

The problem was identified on Jan. 30, and a fix to block further unauthorized access was implemented the same day.

“Data security is a top priority for the state of Michigan,” said DTMB Director and State CIO David Behen. “We will work with our third party vendors and our state team to review our processes and procedures to avoid incidents like this in the future.”

An investigation is ongoing by the Michigan State Police Cyber Command Center to determine how many were exposed to a release of personal information. If a compromise of data is confirmed, all will be notified immediately. The sensitive information potentially exposed includes first and last names, Social Security numbers and wage information. No other personal information, such as birthdates or home addresses, was involved. Those with information in the impacted area of the MiDAS system include people whose payroll is processed by any one of 31 third-party vendors that works with UIA. There may be as many as 1.87 million people in Michigan affected, but the total amount will not be known until the investigation is complete.

There is no indication that the potentially exposed information has been or will be used for malicious purposes. It does not appear that anyone’s information was accessed with malicious intent, but rather was accidentally viewed by employers accessing the system. People whose information may have been exposed should continue to follow these tips to avoid becoming a victim:

  • Monitor financial account statements and immediately report any suspicious or unusual activity to financial institutions.
  • Request a free credit report at www.AnnualCreditReport.com or by calling 1-877-322-8228.  Consumers are entitled by law to one free credit report per year from each of the three major credit bureaus – Equifax®, Experian® and TransUnion® – for a total of three reports every year.  Contact information for the credit bureaus can be found on the Federal Trade Commission website, www.ftc.gov.
  • Take steps to monitor their personally identifiable information and report any suspected instances of identity theft to their local law enforcement.

DTMB and UIA are providing updated information on the UIA website Michigan.gov/uia. The agency is also creating a special telephone hotline at 855-707-8387 to answer questions about this issue with customer service representatives available from 8 a.m. to 4 p.m., weekdays.