COLUMBUS, Ohio- The list of plaintiffs suing the manufacturer of the state's pandemic unemployment system grew by two this week.

What You Need To Know

  • List of plaintiffs suing manufacturer of state’s pandemic unemployment system has grown

  • Five claimants represent Ohioans affected by the reported data security incident

  • Statements from Deloitte and ODJFS differ on how many people had access to the system

And the allegations are more serious. Spectrum News 1 talked to one claimant who says after submitting for unemployment, she's out more than $2 grand.

Bernadette Nolen just got her unemployment benefits. A day after the deposit, she says she was a victim of identity theft.

"I cried Saturday when it happened, Sunday, half of Monday," says Nolen.

More than $2 thousand transferred out of her accounts. And, she says someone tried to take her identity too, using her phone number.

"They took that phone number and were able to port my number from my carrier, which is Boost, to Metro, and I was out of a phone as well," says Nolen.

Now she's joining four others as the faces of a class-action lawsuit against Deloitte Consulting.

"I feel like this is how my information got out there. Only because I've had this card for years and nothing like this has happened. I put it in to get the money on this card, and now my information is all out there," says Nolen. 

The five claimants represent Ohioans affected by the reported data security incident.

Attorney Marc Dann says his office keeps getting calls from people who have been hacked, all submitted information to Deloitte's PUA system.

"I've talked to people with very similar stories. There have been a lot of instances of people who we represent now who have had their cell phone services changed," says Dann. 

In a motion filed on Thursday, he's requesting a temporary restraining order and injunction against Deloitte to prevent further data exposure. 

"Deloitte should have been more careful; they did not meet the standard of ordinary care, the standard of care that you and I would take with somebody else's secret information.

Spectrum News 1 reached out to Deloitte and Ohio Job and Family Services regarding the lawsuit. ODJFS was not named, but issues this statement:

While ODJFS is not named in the lawsuit, we hold the confidentiality of claimant data in the highest regard. Deloitte recently notified ODJFS that about two dozen individuals inadvertently had the capability to view other PUA claimants' correspondence. Once the unauthorized access was identified, Deloitte fixed the issue within one hour. ODJFS contacted the individuals who had accidental access to the system data. Although there is no evidence of any widespread data compromise, Deloitte is offering credit monitoring to all PUA claimants for 12 months. We have no reason to believe that anyone used the brief time they had access to the data with malicious intent. Additionally, we agreed with the immediate steps Deloitte took to prevent any unauthorized PUA access in the future. 

Deloitte also issued the following statement: 

"We are deeply committed to protecting the personal information of our clients and the people they serve. The systems were not hacked or externally breached. A unique circumstance enabled about three dozen Pandemic Unemployment Assistance claimants across three states to inadvertently access a restricted page when logged into their state's PUA website. Within an hour of learning of this issue, we identified the cause and stopped the unauthorized access to prevent additional occurrences. Out of an abundance of caution, we are offering 12 months of free credit monitoring to those PUA claimants potentially impacted."

The two statements seem to differ on how many people had access to the system. Dann says he hopes to prove that despite those statements, there was a connection between the data leak and these cases of identity theft.

"The most logical answer here is that lots more people had access to this data, or it wouldn't have fallen in the hands of criminals so quickly. If it was just a brief data glitch and there are only a few people saw it, then they just got really unlucky that everybody who saw it was a criminal. That just doesn't make any sense to me at all," says Dann.

Nolen says since the hack, she hasn't been able to sleep, and she's going to have to wait weeks to get her money back.

"It's just frustrating; I can't sleep at night. I just stopped crying," says Nolen.