Florida’s Unemployment Hack: What Happened?

Thriveon
A desk with an unemployment claim form and a pen on it.

Imagine your company gets attacked by hackers. They steal valuable data about your employees and clients, including social security numbers and bank account information. What do you do?

That's what happened when hackers targeted the unemployment office in Tallahassee, FL, between April 27 and July 16, 2021. They stole personal unemployment data from some 58,000 people, which may include addresses, birthdates and bank PINs. How did this happen, and how did the local Florida government respond? You can learn much about protecting your business from a cyberattack by studying this unfortunate crime. 

What Happened?

The Florida Department of Economic Opportunity (DEO) uses a website called “CONNECT” to manage its unemployment benefits. Malicious actors were able to log into CONNECT’s portal and illegally process an undocumented amount of unemployment claims. As a result, real users could not access their accounts, and in some cases, their benefits were stolen and transferred to mysterious bank accounts without their knowledge or authority. People who counted on crucial unemployment aid were suddenly unable to get it. 

Watch: Avoiding Ransomware: Win the Attack, Survive the War

How Did the DEO Respond to the Hack?

On paper, the DEO responded quickly and appropriately. Once they became aware of the hack they:

  • Locked the accounts of affected users
  • Reported all breaches to credit reporting agencies
  • Purchased a year of identity protection services for anyone hacked

Unfortunately, these measures had mixed results. While locking the impacted accounts may have prevented further attacks, it also meant that the account owners could not access their money. Because of the enormity of the attack, many users complained of being unable to receive communications or assistance with their accounts for months after the attack.

The situation worsens when you discover that nearly a year later, some claimants received paperwork with other people’s sensitive account information. It seems that the hack resulted in more than stolen funds; it also disrupted the department’s data bank and attributed data to the wrong accounts. This made recovery a long and difficult process for those who count on the funds. 

The Hidden Risk

On the surface, the Florida unemployment account hack may look like a clear case of monetary theft. Funds meant for out-of-work Americans were diverted to phantom bank accounts. But the problem goes deeper. Identity theft is a billion-dollar industry that attracts another set of criminals.

An article in Forbes illuminates an alarming trend in which Miami street gangs are giving up the violent drug trade in favor of safer and easier cyber crimes. The article points out how Russian hackers steal and sell personal data from millions of people yearly and sell it on the black market. Gangs have discovered they can purchase this information on the dark web and use it to their advantage. They can make money without ever going into the streets or with little risk of being caught. 

Can This Happen to My Business?

Sadly, no one is immune to cyber attacks. The state of Florida paid contractors $81 million to build the CONNECT system and failed to test it or address warning signs that appeared well before the hack. 

An IT provider is much more than someone who puts out fires after they happen. As we can see from the Florida hack, implementing and testing security measures before a system is launched and having a backup plan ready to go are crucial for any organization that handles sensitive data.

If your business stores employee records, financial information, legal documents or client data, you must vigilantly protect your systems. This means monitoring existing vulnerabilities and updating cybersecurity controls regularly. It also means having a backup plan in case of a breach and ensuring that your employees know how to identify an attack and respond effectively.

Florida Cybersecurity Protection Is Here

An effective IT program keeps your business’ valuable data protected. It prevents catastrophic headaches like those that affected so many people in the Florida unemployment system from ever happening. Your business can’t afford the time and expense of an attack, so invest in cybersecurity experts who know how to protect you.

Schedule a consultation with Thriveon to learn what a robust cybersecurity program would look like for your business.

SCHEDULE CONSULTATION

New call-to-action

 

STAY UP TO DATE

Subscribe to our email updates

STAY UP TO DATE

Subscribe to our email updates