Social Security numbers and other personal information of up to 1.9 million residents in Michigan's unemployment benefits system may have been compromised, the state said Friday.
The problem stemmed from a software update, state officials said, and made the information available to employers and human resources professionals who use the Michigan Data Automated System, not unemployment claimants or the general public. It's not clear whether anyone actually accessed the information, which included names, wages and Social Security numbers.
The number of people affected will not be known until an investigation is finished. Those potentially at risk include residents whose payroll is processed by one of 31 third-party vendors that works with the state Unemployment Insurance Agency.
The software update was done in October. Officials said a "vulnerability" was identified on Jan. 31, and a fix to block unauthorized access was implemented that day.
"Data security is a top priority for the state of Michigan," David Behen, director of the Department of Technology, Management and Budget, said in a statement. "We will work with our third-party vendors and our state team to review our processes and procedures to avoid incidents like this in the future."
He said if a data breach is confirmed, those affected will be notified immediately.