Skip to main content
online security warning online security warning online security warning online security warning online security warning online security warning

PUA Security Breach Class Action Lawsuit Filed

Cincinnati, Ohio privacy attorney and data breach lawyer investigating unemployment PUA security breach class actions and filing lawsuits on behalf of affected plaintiffs


The Lyon Firm, on behalf of Ohio plaintiffs, has filed a PUA security breach class action lawsuit following an extensive PUA program unemployment security breach. The PUA (Pandemic Unemployment Assistance) program was established to expand unemployment insurance eligibility to self-employed workers, freelancers, independent contractors, and part-time workers.

The unemployment security breach class action names Deloitte Consulting LLP as a defendant for its alleged failure to secure and safeguard personally identifiable information (PII). Deloitte Consulting contracted with various state agencies—including the Ohio Department of Job and Family Services (ODJFS), the Illinois Department of Employment Security (IDES), and the Colorado Department of Labor and Employment (CDLE) to assist them in administering the federal Pandemic Unemployment Assistance program.

Deloitte regularly provides public sector labor and employment services to states, including unemployment insurance solutions. Deloitte was contracted to create and maintain PUA the web-based portal through which unemployed applicants could apply for benefits and communicate with the state unemployment agencies. The system, however, may have been faulty, and could have exposed thousands of applicants’ private information, including social security numbers and home addresses.


Cincinnati, Ohio data privacy attorney Joe Lyon is representing plaintiffs in a variety of data breach litigation, including the Pandemic Unemployment Assistance PUA security breach class action.


PUA Security Breach Class Action


In May 2020, officials from ODJFS, IDES, and CDL publicly confirmed that their computerized unemployment systems, designed, built and maintained by Deloitte, allowed public access to applicants’ PII, possibly exposing sensitive private data of applicants who had recently filed for unemployment benefits. Plaintiffs believe the number of unemployment applicants whose PII was exposed numbers could be in the hundreds of thousands.

On May 17, 2020, officials from IDES confirmed that they were aware of a software “glitch” in the new PUA system designed and maintained by Deloitte. The “glitch” allegedly made private information publicly available for a short time. The following day, officials from CDLE confirmed that it too experienced a “data access issue” with the new PUA system, which allowed the public to view applicants’ PII.

On May 20, 2020, the Ohio plaintiffs each received correspondence from ODJFS notifying them of the unemployment security breach, and recommended that the plaintiffs monitor their credit, place a fraud alert on certain credit files, and place a security freeze on their credit reports.

Since learning of the breach, the plaintiffs have been forced to take multiple precautionary steps to protect themselves and their property in an effort to avoid becoming a victim of identity fraud. Each security breach victim spent a considerable amount of time and effort to further protect themselves.


Unemployment Security Breach Lawsuit


Because the defendant was entrusted with applicants’ PII, it had a duty to applicants to keep their personal information secure. They were aware that safeguarding applicants’ PII is vitally important, and regularly represents itself to have advanced security features to protect clients’ personal information.

Common security standards accepted among businesses that store PII using the internet include the following:

  • Maintaining a secure firewall configuration
  • Monitoring for suspicious or irregular traffic to servers
  • Monitoring for suspicious credentials used to access servers
  • Monitoring for suspicious or irregular activity by known users
  • Monitoring for suspicious or unknown users
  • Monitoring for suspicious or irregular server requests
  • Monitoring for server requests for PII
  • Monitoring for server requests from VPNs

The Federal Trade Commission (FTC) recommends that businesses identify all connections to the computers where they store sensitive information, monitor incoming and outgoing traffic, assess the vulnerability of each connection to potential attacks, identify and profile the operating system and open network services, and use a firewall to protect their computers from malware and hacker attacks.


The Lyon Firm continues to investigate individual PUA data privacy claims in relation to the filed class action lawsuit. If you received an alert or communication that indicates your personal information may have been compromised due to the PUA security breach, contact Joe Lyon at (800) 513-2403 for a free case review.

Cincinnati Data Breach Attorney, Data Privacy Lawyer, Identity Theft, Security Breach Lawsuits, Unemployment Data Breach

Leave a Reply