The Colorado Department of Labor confirms a brief glitch over the weekend that allowed six people to view information of other Coloradans filing for unemployment.
The Labor Department tells 11 News the issue was fixed within an hour and has no evidence that anyone's data was exposed. The glitch affected people using the new Colorado Pandemic Unemployment Assistance application.
Even though there appears to have been no data breach, the department is offering credit monitoring to all PUA claimants.
A full statement from the Colorado Department of Labor and Employment regarding the incident and the credit monitoring can be viewed below:
"On Saturday, May 16th, we were notified of a limited and intermittent data access issue where a handful of individuals (6) within the new Colorado Pandemic Unemployment Assistance application were inadvertently able to view other claimants’ correspondence. Our vendor partner Deloitte worked swiftly once the unauthorized access was identified and fixed the issue within one hour. We have contacted the individuals who had accidental access to the system data.
Although there is no evidence of any widespread data compromise, we are offering credit monitoring to all PUA claimants for 12 months. There was no security breach or indication of any malicious activity. We hold the confidentiality of claimant data in the highest regard and took immediate steps to prevent any unauthorized access in the future.
We have no confirmation that any data was exposed. The 72,000 people are all people who have filed claims and out of those, the 6 people had the intermittent access to "admin" screens but there is no confirmed evidence that any data was actually exposed. We notified them out of an abundance of caution and transparency. Deloitte is paying for the one year of credit monitoring and they can sign up via the link we emailed them yesterday and they will also get a notice via mail with the link.
We are not able to recreate the user sessions nor do we know what screens they viewed (if any). We did make contact with all of them and gathered from those conversations that yes in fact they did see the screen access but their session time was brief. They all have valid PUA claims and do not want to jeopardize their benefits and were very cooperative. Given how short the sessions were and the fact that it was addressed within an hour by the vendor leads it to believe there is low risk to claimants but out of an abundance of caution we offered the credit monitoring option to all claimants, paid for by the vendor."