NewsFlorida News

Actions

'Freeze your credit report': Cybersecurity expert advises after DEO security data breach

Florida DEO Website
Posted at 5:54 PM, Jul 26, 2021
and last updated 2021-07-26 18:19:40-04

It’s a cyber attack going after nearly 58,000 of Florida’s most vulnerable — people who lost their jobs because of the pandemic.

“If you look historically, whether it be robocall scams or other scams, they have always prayed upon those people that are most in need,” said Ian Marlow, the CEO of FitechGelb, a cybersecurity firm. “Whether it be elderly people or people that have hit harder times.”

The Florida Department of Economic Opportunity alerted claimants of the breach. The DEO said it happened sometime between April 27th, 2021 to July 16th, 2021. DEO officials said hackers had access to social security numbers, bank account information, and other personal details in CONNECT.

“The volume of information, the type of detail that is being spoken about is pretty much worse than anything that you would have in having your credit breached,” Marlow said.

And, he said the DEO isn’t saying how it happened.

“Either someone gained information at one point for multiple months or that someone had live access with the breach for that period of time,” Marlow speculated. “We do not know which of the two that is. The reports are not clarifying which of those situations it is.”

That will likely be explored soon, Marlow said. But the best way to take control of the situation right now, according to Marlow, is to get in touch with all three credit agencies and freeze your credit report.

“It just means that no one can open a new financial account in your name, and that is the best way to protect yourself,” he said.

Step number two, call the DEO to change your PIN number.

“There will be a wait, be patient, take your time and be vigilant because if you’re not and then you realize a number of loans and other credit cards have been taken out under your name; you’ll spend a lot longer than a few hours on the telephone,” said Marlow.

The DEO purchased a year’s subscription of LifeLock Identify protector services for all those affected, but Marlow said that process could take time. That's why he said freezing your credit report is something you can do right now to stop the hackers in their tracks. He also said certain credit card companies offer credit coverage that alerts you when something changes on your credit report.

“Even if your frozen, it will tell you that an inquiry came in,” he said.

More information from USA.gov on freezing credit reports can be found here.

Here’s the full e-mail the DEO is sending out to claimants impacted by the breach:

Thank you for reaching out to the Florida Department of Economic Opportunity. I have attached a copy of the correspondence sent to impacted claimants. Additionally, please see the Department’s statement below.

On July 16, 2021, the Department learned of a data security incident involving potentially fraudulent activity connected to claimant accounts within the Reemployment Assistance Claims and Benefits Information System, commonly known as CONNECT.

Information contained in the claimant account may have been accessed, including the following: social security number, driver’s license number, bank account numbers, claim information, and other personal details, such as address, phone number, and date of birth. In addition, the malicious actors may have acquired the account PIN that claimants use to access their CONNECT account.

The Department discovered that malicious actors were targeting claimant accounts via the CONNECT public claimant portal. A total of 57,920 claimant accounts were targeted. These targeted accounts may have been accessed by an unauthorized party. This activity may have occurred between April 27, 2021, and July 16, 2021. There is no evidence of any other unauthorized access and no indication of related malicious activity on the Department’s internal networks.

In response, the Department has:

  • Locked accounts targeted by this activity;
  • Improved PIN security controls;
  • Enhanced network security controls;
  • Notified impacted claimants;
  • Notified the Department of Legal Affairs, Department of Management Services, including the Division of State Technology, and the Florida Department of Law Enforcement;
  • Reported impacted accounts to the three U.S. credit reporting agencies; and
  • Purchased a year’s subscription of identity protection services for affected claimants.

The Department is recommending that the impacted claimants monitor their financial accounts, and if they see any unauthorized activity, they should promptly contact their financial institution. Claimants may contact the Federal Trade Commission (FTC) by calling 1-877-ID-THEFT (1-877-438-4338) or here online. The Department is also recommending claimants to contact the three U.S. credit reporting agencies (Equifax, Experian, and TransUnion) to obtain a free credit report from each by calling 1-877-322-8228 or by logging onto Annual Credit Report.

While states continue to battle significant attacks on unemployment systems across the nation, the prevention of fraud remains a top priority for the Department. Florida is a leader in identifying and preventing unemployment fraud, and we will continue to take necessary precautions to protect Floridians.