Security breach detected in Kentucky's unemployment system

FRANKFORT, Ky. (AP) — Kentucky's unemployment system was hit with another security breach, but state officials offered assurances Wednesday that it posed no threat to sensitive financial information.

State technology workers are trying to determine the cause of the latest breach.

The problem was discovered Monday after a claimant saw another person's information while navigating his own unemployment application, the state Labor Cabinet said.

The claimant saw the other person's employer and health information, it said.

“At no time was the other individual’s name, Social Security number or other personally identifying information available," the cabinet said.

Gov. Andy Beshear discussed the matter later Wednesday. As with the first breach, “absolutely no one to our knowledge has been financially harmed whatsoever” in the latest incident, he said.

The Office of Technology Services is investigating, and once it determines the cause, actions will be taken to prevent similar problems, the cabinet said.

A prior breach in the spring allowed some unemployment filers to view information for other claimants. The findings of a review of that breach will be released in coming days, Beshear said.

“I believe that what it will show is that on the technical side, the response was everything we’d want -- was shutting down the system, getting it fixed, protecting that information,” he said. “On the reporting side, I think we’re going to find that a better job should have been done.”

State Attorney General Daniel Cameron and Auditor Mike Harmon, both Republicans, have called on Beshear’s administration to explain a delay in disclosing the initial breach.

Kentucky's unemployment system, like others nationwide, has faced an unprecedented surge in claims for jobless benefits amid the coronavirus pandemic that damaged the economy. Beshear's handling of unemployment issues has come under steady attack from Kentucky Republicans.

State GOP spokesman Mike Lonergan said Wednesday that the latest security breach was another example that Beshear's unemployment office is “one abysmal failure after another."

Beshear said the state has to “patch" vulnerabilities in the computer system because “it’s so old.”

“Our challenge is this system was put in in 2000," he said. “Can you imagine if the computer system that you had in 2000 currently had to protect critical information of almost a million Kentuckians?

“It’s what happens again when we starve a system,” he added.

Beshear has noted on several occasions that the state’s unemployment system endured years of budget cuts before he became governor.

Beshear's administration recently decided to extend a contract with an outside company hired to help work through a backlog of unemployment claims. On Friday, his administration said more than 1 million unemployment insurance claims had been filed, paying out more than $3.23 billion to Kentuckians since the virus outbreak began.