As many as 1.87 million Michigan workers may have had their personal information exposed through a newly discovered security vulnerability in the computer system used by the Michigan Unemployment Insurance Agency.
The information release affects workers whose paychecks are processed by a third-party payroll vendor. A software update installed in October 2016 included a vulnerability that allowed those vendors to access social security numbers and names of people that they were not authorized to view.
The glitch came to light on Jan. 30 when a vendor reported it. The agency blocked any further unauthorized access within hours of receiving that report.
According to both the Department of Technology, Management, and Budget and the UIA, the potential for harm is low because only authorized users at those payroll vendors had access to the information.
"The DTMB has crews working around the clock and during the weekend. This is a top priority to get to the bottom of this," says Dave Murray, a representative of the UIA.
The computer system affected is the Michigan Data Automated System (MiDAS). That's the same system that led to about 20,000 wrongful unemployment fraud accusations. The system was created by Fast Enterprises, according to the UIA.
The Michigan State Police Cyber Command Center is investigating the security problem. If it's able to confirm a compromise of data, those affected will be notified.
Those who may have been affected are encouraged to monitor their accounts and report any suspected identity theft to authorities.
*The story and headline have been corrected to reflect that the problem is a security "vulnerability," meaning a weakness, rather than a "breach," which indicates a hack. The number of workers potentially affected has also been corrected.