Ohio Department of Job and Family Services notified Pandemic Unemployment Assistance program claimants on May 20 that a security vulnerability potentially allowed access to their names, social security number and home address. 

JFS sent the notification to claimants via email and claimants began to post the message on social media. JFS did not release the number of people affected, but more than 161,000 Ohioans have applied for the unemployment assistance. 

In a press release sent from JFS, it reported that the breach was fixed within one hour after discovery by Deloitte Consulting.  But, the notice to claimants said the breach occurred on May 15, five days before the date of the email. 

Deloitte Consulting is the technology vendor for Ohio's PUA system, as well as several other states. 

The release explains that “Over the weekend, Deloitte notified ODJFS that about two dozen individuals inadvertently had the capability to view other PUA claimants’ correspondence.” 

JFS says via release that there was “no evidence of any widespread data compromise,” and that credit monitoring will be provided by Deloitte. 

“ODJFS holds the confidentiality of claimant data in the highest regard and agreed with the immediate steps Deloitte took to prevent any unauthorized PUA access in the future,” the release says. 

Spectrum News 1 has reached out with additional questions to JFS and Deloitte and will update this story with details.