Questions and Answers

We take the responsibility of protecting customer information and privacy very seriously and have implemented advanced security measures on our networks to ensure the safety of our customers' information.

Like many other government agencies and other organizations, we are targeted by hackers that try to break into computer systems in order to steal data. Unfortunately, our computer system fell victim to such an attack recently, and unauthorized access to our servers took place.

What happened?

A computer virus (W32.QAKBOT) infected the networks running the work stations utilized by staff at the Department of Unemployment Assistance (DUA), Department of Career Services (DCS), and some One-Stop Career Centers from April 19, 2011 to May 13, 2011. Steps were taken immediately with the assistance of our security provider Symantec to eliminate the virus on our networks and individual PCs.

What data may be breached?

As a result of the virus, there is a possibility that the data breach affected confidential claimant or employer information. This information may include names, Social Security Numbers, email addresses and residential or business addresses. We believe that only claimants who filed a new claim or requested staff assistance with their claim and employers who filed via paper during this timeframe are affected by this data breach. If you accessed your information online via DUA QUEST, WebCert or JobQuest, and a staff member was not involved with your claim, your information has not been compromised. This virus is isolated to our network and will not re-infect PCs outside of our network through contact with our online applications.

What action(s) have been taken against this data breach?

We are conducting an internal investigation to determine how this security breach occurred and we are bringing in security experts to help us implement additional network safeguards to ensure that this does not happen again. We are also working with officials on the federal and state level to prevent a future occurrence, and will take all steps to find and address this problem.

Does this mean I am the victim of identify theft?

No. The fact that someone may have access to your information doesn't mean that you are a victim of identity theft or that they intend to use the information to commit fraud. We wanted to let you know about the incident so you can take steps to protect yourself.

What are the steps I can take to protect myself?

We advise all claimants, career center users, and businesses which file manually to be vigilant with their personal information and financial matters. Individuals who conducted business from April 19 through May 13 requiring that a staff person access your file online with DCS, DUA or at a One-Stop Career Center are urged to put a fraud alert on their credit reports.

You may request a free credit report and request a fraud alert or credit freeze placed on your consumer credit file by contacting one of the national credit bureaus. Once one credit bureau places a fraud alert on your credit file, it will contact the other two credit bureaus. Fraud alerts are typically in effect for 90 days, but can be renewed. There is no cost for placing a fraud alert on your credit report. Please note that the credit reporting agencies may charge up to $5.00 each to place, lift or remove a credit freeze. Credit reports are available for free once every 12 months from each of the credit reporting companies. The credit bureaus may be contacted at:

Equifax: (800) 525-6285 ( http://www.equifax.com)

Experian: (888) 397-3742 ( http://www.experian.com)

TransUnion: (800) 680-7289 ( http://www.tuc.com)

You can also access additional information on our website http://1.usa.gov/jcLaDY about identity theft and how to safeguard your personal information, and please call 1-877-232-6200 at EOLWD.

Will the state contact me to ask for personal information because of this event?

We do not contact customers to ask for personal information such as Social Security number, credit card or banking information. If you receive a call or email requesting your personal information, please report this to your local police department, District Attorney's Office, or the Attorney General's Office.

What can I do if I believe I have already become the victim of ID theft?

If you believe you have become a victim of identity theft, you should report the crimes to the fraud division of your local police department. In addition, if you believe your personal information was used for employment purposes, you should inform the Internal Revenue Service (IRS) and Social Security Administration (SSA).