Pennsylvanians caught in future security breaches could find out sooner
By: KDKA-TV's Seth Kaplan
HARRISBURG, Pa. (KDKA) — Luke Grumblatt of Reading knew only that he had been unemployed for five weeks, but he had only received two weeks of unemployment compensation.
Thousands of other Pennsylvanians knew similar things about themselves. But they didn't know they weren't alone.
They didn't know what Pennsylvania Department of Labor & Industry leaders later acknowledged: That the agency knew something bigger was happening. Hackers were logging into unemployment compensation accounts and — with nothing more than the claimants' initial login credentials — changing banking information to divert directly-deposited unemployment checks into fraudulent bank accounts.
Grumblatt figured out on his own that his checks were going to an account at a San Francisco-based internet bank rather than into his account at a local bank.
Soon, if Governor Tom Wolf signs into law a new bill, which unanimously passed the state House of Representatives on Wednesday after previously passing in the Senate?
"The public would be aware," said Sen. Pat Stefano (R-Fayette County), one of the bill's sponsors.
The late-2021 "bank hijacking," as L&I leaders termed it, of the unemployment compensation system was the second high-profile commonwealth government data security system in less than a year. Hackers also stole confidential information collected during COVID-19 contact tracing operations.
In that case, Pennsylvania Department of Health leaders said employees of a company contracted to do the job – Insight Global – had used insecure web-based documents to collect personal information.
The legislation requires notification of people potentially impacted by cybersecurity incidents within seven business days after agencies learn of a breach. It covers not only government agencies but also contracted companies.
Next, likely within a few days, the bill will formally go to Wolf, who will then have 10 days to decide whether to sign it. His spokesperson, Elizabeth Rementer, said he is reviewing it.
Grumblatt said he wished measures like those in the new legislation had been in place to protect and alert him.
"But at the same time, to take the steps to now rectify it is a good move no matter what," he said.