On Tuesday of this week, the Massachusetts Executive Office of Labor and Workforce Development (EOLWD) issued a press release announing a dat breach at the Departments of Unemployment Assistance (DUA) and Career Services (DCS) network. Several employee desktop computers at the One Stop Career Centers were infected on April 20, 2011 with a computer virus that collected and transmitted the confidential information of DUA customers and employees. EOLWD learned of the computer virus on May 16, 2011.
The computer virus collected the following information: names, Social Security Numbers, Employer Identification Numbers, e-mail addresses, residential street addresses, and business street addresses. Bank account information may also have been stolen. The virus may have infected as manay as 1,500 DUA computers. With the assistance of Symantec, the EOLWD's computer security consultant, the virus was removed from all affected desktop computers.
While the exact number of breach victims was not disclosed, the press release advised that any consumers who conducted business at a DUA office between April 19 through May 13, plus about 1,200 businesses, should take the following precautions:
- For answers to common questions, call 1-877-232-6200 or visit the EOLWD data breach website
- Review your credit reports (e.g., Experian, Equifax, and TransUnion) for fraudulent entries
- Place a Fraud Alert or Security Freeze on your credit reports
The EOLWD plans to notify breach victims directly. Depending upon the number of breach victims, Massachusetts law allows organizations to notify consumers via ads in newspapers or directly via breach letters.
The press release did not state when that notification will be sent, nor if the notification will offer breach victims with a period of free credit monitoring and identity-theft resolution services. The press release did not state whether the state will reimburse breach victims for the costs to place a Security Freeze on their credit reports.
In my opinion, the EOLWD letter to breach victims should address all of these concerns. Since this theft includes enough sensitive personal information for identity criminals to obtain loans or credit in the breach victims' names, I recommend that breach victims follow all of the above precautions. Learn about the differences between a Fraud Alert and a Security Freeze options. If you find fraudulent entries in your credit reports, then stronger protection of a Security Freeze option is needed, since it prevents credit from being issued unless you authorize it.
After a data breach in 2007 by a prior employer, I had to learn about these options. I first tried a Fraud Alert, but later placed a Security Freeze on my credit reports at Experian, Equifax, and TransUnion. For me, it was important to have the strongest protections available since I did not need more credit.
If you received a breach notification letter from EOLWD, what did the letter offer? Did you find the notification letter helpful?