LOUISVILLE, Ky. — For the second time in just three months, the Kentucky unemployment online system appears to have been compromised.
FOCUS discovered the data breach and informed the state’s Labor Cabinet.
A Louisville filer says when he requested payment for unemployment benefits, another filer’s personal information popped up on his screen.
It showed the person’s place of work, phone and address of the workplace, length of work being missed, and the reason for leaving work, which was because of quarantining due to COVID-19 exposure.
“That’s a breach,” State Senator Whitney Westerfield, R-District 3, said.
At last week’s Program Review and Investigations Committee hearing, Sen. Westerfield grilled Labor Cabinet leaders about a data breach bank in April, which wasn’t reported to the proper authorities until a month later.
During the hearing, Labor Cabinet General Counsel Amy Cubbage testified, “We have put new procedures in place to ensure that this does not happen again.”
Now Sen. Westerfield wants to know how bad the second breach is.
“How widespread is this data crisscrossing?” he asked.
FOCUS called the phone number on the exposed personal information, and the filer from Shelbyville said he had just filed for unemployment that very day we became aware of the breach, and on his screen the personal information of someone else’s in Somerset popped up.
“When you’ve got not just person A and person B’s information crossed, you’ve got person A, B and C crisscrossed,” Sen. Westerfield pointed out.
Asked for comment, the Labor Cabinet issued a statement saying after the “potential” breach came to its attention from the FOCUS team, the state’s Office of Technology Services is investigating the problem and will take corrective action if necessary.
"The information seen by the claimant was another individual’s employer information and information about the individual’s health. At no time, was the other individual’s name, social security number, or other personally identifying information available," the statement said. "Out of an abundance of caution, OUI has reported this potential breach while the Office of Technology Services investigates the circumstances that allowed a claimant to see the information pertaining to another individual claimant. Once the Office of Technology determines the cause of the potential breach, actions will be taken to prevent this type of incident in the future."
During his daily COVID-19 update, Gov. Andy Beshear spoke at length and was repeatedly questioned about this second data breach. "There is no reason at the moment to think that this has put any any of the financial or otherwise concerning information of anybody out there in any harm whatsoever," Gov. Beshear said.