This article was originally written by Emily Lawler of MLive.com about the recent data hack on the State of Michigan’s computer system. The original article can be found here.
LANSING, MI — A state computer system contained a glitch and may have exposed personal information, the Michigan Department of Technology Management and Budget revealed on Friday.
Here’s everything we know so far:
In October 2016, a software update to the Michigan Data Automated System (MiDAS) system used by the state’s Unemployment Insurance Agency allowed employers and human resources professionals to access personal information they were not authorized to view. The state identified the problem on Jan. 30 and fixed it on Jan. 31, 2017.
Who could have accessed the information?
Human resources professionals working at payroll vendor companies. These companies handle compliance with the state’s unemployment requirements for Michigan employers.
It’s worth noting those who could potentially have accessed the information are professionals who are routinely handling sensitive information, said Unemployment Insurance Agency spokesman Dave Murray.
What information could unauthorized users have accessed?
An unauthorized user could have accessed a person’s name, social security number and wage information.
Birth dates and home addresses could not have been accessed by an unauthorized user.
How many people were exposed?
That is not known at this point, said Murray and DTMB spokesman Caleb Buhs. The Michigan State Police Cyber Command Center is conducting an investigation to determine how many were exposed to a release of information. As many as 1.87 million Michiganders could be affected.
Could your information have been exposed?
As Buhs put it, “If you are an employee in Michigan and your company uses a payroll vendor to process payroll, then you can potentially be included.”
There are 31 payroll vendors in the state:
Casper Willson Wilson
CoStaff National Services Inc
CSS Payroll Inc
Highpoint Business Services LLC
Infiniti HR LLC
Julie Lepper Acctg
My Pay Solutions
Nieland & Kosanke PC
One Source Virtual
Paycomm Payroll LLC
Payroll Tax Mgt
VenSure HR Inc
Wayne County Regional
You would not have been part of the potentially exposed group if:
- You worked for a company that did not use a payroll vendor
- You were not an active employee at any time between Oct. 10 and Jan. 31
What should you do?
DTMB recommends the following:
- Monitor financial account statements and immediately report any suspicious or unusual activity to financial institutions.
- Request a free credit report at www.AnnualCreditReport.com or by calling 1-877-322-8228. Consumers are entitled by law to one free credit report per year from each of the three major credit bureaus – Equifax(r), Experian(r) and TransUnion(r) – for a total of three reports every year. Contact information for the credit bureaus can be found on the Federal Trade Commission website, www.ftc.gov.
- Take steps to monitor their personally identifiable information and report any suspected instances of identity theft to their local law enforcement.
Who can you contact?
The state has set up a special hotline to handle inquiries about this issue. Reach it by calling 855-707-8387 between 8 a.m. and 4 p.m. on weekdays.
How is the state moving forward?
The state has already fixed the problem, but State Police are working to identify and notify those who may have been affected. The state is reviewing how it handles patches from third-party vendors.
“We are learning from this. We’re taking steps moving forward to make sure that we review and test and check, double-check, triple-check these updates in the future,” Buhs said.