OHIO- Two additional claimants join the Ohio-based class action lawsuit against Deloitte Consulting over the reported data leak that left 161,000 claimants personal information vulnerable. And, new details in the amended petition allege that those claimants suffered identity theft as a result of the leak. 

What You Need To Know

  • Two additional claimants join class action lawsuit

  • Attorneys for plaintiffs filed amended suit in Cuyahoga County Common Pleas Court

  • Plaintiffs seeking damages as a result of their data potentially being made available publicly

“I cried Saturday when it happened, Sunday, half of Monday,” says new plaintiff Bernadette Nolen. 

Nolen says she finally received her deposit of PUA benefits to her Netspend card on May 22. On May 23rd, fraudulent activity began to occur on her account resulting in money being transferred and accounts being compromised. 

“I feel like this is how my information got out there,”  says Nolen “Only because I've had this card for years and nothing like this has happen. I put it in to get the money on this card, and now my information is all out there.” 

Nolen says that not only was more than $2,000 transferred from her account, but she alleges after the data leak someone used her information to transfer her wireless account to another provider. She filed an identity theft police report with Weathersfield Township. 

“I am afraid to have anything in my name right now, because I don't know what is going to get taken,” says Nolen. 

Attorneys for the five total plaintiffs filed an amended class action suit in Cuyahoga County Common Pleas Court on May 28. Attorney Marc Dann says that he's received numerous calls from Ohioans who think they may have been affected. 

“I've talked to people with very similar stories,” says Dann. “There have been a lot of instances of people who we represent now who have had their cell phone services changed.” 

The plaintiffs are seeking damages as a result of their data potentially being made available when Deloitte Consulting identified a vulnerability in its system. That vulnerability reportedly allowed 26 individuals access to view information from other claimants. 

“Deloitte should have been more careful, they did not meet the standard of ordinary care, the standard of care that you and I would take with somebody else' secret information,” says Dann. “ If you had your mom's social security number, I'm sure you would be much more diligent about protecting it, then they were about protecting 161,000 unemployment applicant's information.”

Ohio Deparment of Job and Family Services was not named as a defendant in the lawsuit, but did comment via email regarding the filing: 

“While ODJFS is not named in the lawsuit, we hold the confidentiality of claimant data in the highest regard.  Deloitte recently notified ODJFS that about two dozen individuals inadvertently had the capability to view other PUA claimants’ correspondence.  Once the unauthorized access was identified, Deloitte fixed the issue within one hour.  ODJFS contacted the individuals who had accidental access to the system data.  Although there is no evidence of any widespread data compromise, Deloitte is offering credit monitoring to all PUA claimants for 12 months.  We have no reason to believe that anyone used the brief time they had access to the data with malicious intent.  Additionally, we agreed with the immediate steps Deloitte took to prevent any unauthorized PUA access in the future. “ 

Deloitte responded to an inquiry regarding the lawsuit with a statement that reads: " “We are deeply committed to protecting the personal information of our clients and the people they serve. The systems were not hacked or externally breached. A unique circumstance enabled about three dozen Pandemic Unemployment Assistance claimants across three states to inadvertently access a restricted page when logged into their state’s PUA website. Within an hour of learning of this issue, we identified the cause and stopped the unauthorized access to prevent additional occurrences. Out of an abundance of caution, we are offering 12 months of free credit monitoring to those PUA claimants potentially impacted.”

Dann says that if the class action is accepted, he is seeking that all claimants under the PUA system be eligble. 

Note: This story was updated to include the response from Deloitte.