{"id":82789,"date":"2017-02-04T11:22:37","date_gmt":"2017-02-04T16:22:37","guid":{"rendered":"http:\/\/rbachnet.wwwmi3-ss40.a2hosted.com\/index.php\/"},"modified":"2021-08-10T19:10:46","modified_gmt":"2021-08-10T23:10:46","slug":"state-of-michigan-data-breach","status":"publish","type":"post","link":"https:\/\/rbach.net\/index.php\/state-of-michigan-data-breach\/","title":{"rendered":"State of Michigan Data Breach"},"content":{"rendered":"<p><a href=\"https:\/\/www.clearswift.com\/blog\/2014\/09\/22\/australian-federal-police-department-sensitive-data-leak-scandal\" target=\"_blank\" rel=\"noopener noreferrer\"><img data-recalc-dims=\"1\" loading=\"lazy\" decoding=\"async\" class=\"alignleft wp-image-98507\" title=\"State of Michigan Data Breach\" src=\"https:\/\/i0.wp.com\/rbach.net\/wp-content\/uploads\/data-leak-e1564254486792-150x96.png?resize=116%2C74&#038;ssl=1\" alt=\"State of Michigan Data Breach\" width=\"116\" height=\"74\" srcset=\"https:\/\/i0.wp.com\/rbach.net\/wp-content\/uploads\/data-leak-e1564254486792.png?resize=150%2C96&amp;ssl=1 150w, https:\/\/i0.wp.com\/rbach.net\/wp-content\/uploads\/data-leak-e1564254486792.png?resize=75%2C48&amp;ssl=1 75w, https:\/\/i0.wp.com\/rbach.net\/wp-content\/uploads\/data-leak-e1564254486792.png?w=276&amp;ssl=1 276w\" sizes=\"auto, (max-width: 116px) 100vw, 116px\" \/><\/a><strong>Data breaches<\/strong> are no surprise these days. I have covered a number of data breaches here on the <em><a href=\"https:\/\/rbach.net\/\" target=\"_blank\" rel=\"noopener noreferrer\">Bach Seat<\/a><\/em> <a href=\"https:\/\/wp.me\/p2wgaW-jLM\" target=\"_blank\" rel=\"noopener\">here<\/a>, <a href=\"https:\/\/wp.me\/p2wgaW-k9O\" target=\"_blank\" rel=\"noopener\">here<\/a>, and <a href=\"https:\/\/wp.me\/p2wgaW-kur\" target=\"_blank\" rel=\"noopener\">here<\/a>. 
Now the <a href=\"https:\/\/www.michigan.gov\/\" target=\"_blank\" rel=\"noopener noreferrer\"><strong>State of Michigan<\/strong><\/a> (SOM) has joined the ranks of data leakers like <a href=\"http:\/\/www.businessinsider.com\/yahoo-data-breach-billion-accounts-2016-12\" target=\"_blank\" rel=\"noopener noreferrer\">Yahoo<\/a>, <a href=\"https:\/\/krebsonsecurity.com\/tag\/home-depot-breach\/\" target=\"_blank\" rel=\"noopener noreferrer\">Home Depot<\/a>, <a href=\"http:\/\/www.zdnet.com\/article\/anatomy-of-the-target-data-breach-missed-opportunities-and-lessons-learned\/\" target=\"_blank\" rel=\"noopener noreferrer\">Target<\/a>, <a href=\"https:\/\/wp.me\/p2wgaW-jF3\" target=\"_blank\" rel=\"noopener\">BCBS<\/a>, and the <a href=\"https:\/\/web.archive.org\/web\/20230516032003\/https:\/\/www.opm.gov\/cybersecurity\/cybersecurity-incidents\/\" target=\"_blank\" rel=\"noopener noreferrer\">US government<\/a>. <em><a href=\"http:\/\/www.mlive.com\/\" target=\"_blank\" rel=\"noopener noreferrer\">MLive<\/a><\/em> is <a href=\"http:\/\/www.mlive.com\/news\/index.ssf\/2017\/02\/computer_glitch_potentially_ex.html\" target=\"_blank\" rel=\"noopener noreferrer\">reporting<\/a> that the State of Michigan has<strong> spilled the personal data of millions of Michigan citizens<\/strong>. On February 03, 2017, the <a href=\"https:\/\/www.michigan.gov\/dtmb\/\" target=\"_blank\" rel=\"noopener noreferrer\">Michigan Department of Technology Management and Budget<\/a> (DTMB) announced the Michigan data breach. 
The breach left the personal information of nearly 20% of Michigan residents vulnerable to <strong>unauthorized access for four months<\/strong>.<\/p>\n<h3>Unemployment Insurance Agency<\/h3>\n<p><a href=\"http:\/\/wnmufm.org\/post\/michigan-settles-lawsuit-over-false-unemployment-fraud-cases#stream\/0\" target=\"_blank\" rel=\"noopener noreferrer\"><img data-recalc-dims=\"1\" loading=\"lazy\" decoding=\"async\" class=\"alignright wp-image-98510 \" title=\"Unemployment Insurance Agency\" src=\"https:\/\/i0.wp.com\/rbach.net\/wp-content\/uploads\/uia-logo.png?resize=123%2C74&#038;ssl=1\" alt=\"Unemployment Insurance Agency\" width=\"123\" height=\"74\" srcset=\"https:\/\/i0.wp.com\/rbach.net\/wp-content\/uploads\/uia-logo.png?resize=150%2C90&amp;ssl=1 150w, https:\/\/i0.wp.com\/rbach.net\/wp-content\/uploads\/uia-logo.png?resize=75%2C45&amp;ssl=1 75w, https:\/\/i0.wp.com\/rbach.net\/wp-content\/uploads\/uia-logo.png?w=259&amp;ssl=1 259w\" sizes=\"auto, (max-width: 123px) 100vw, 123px\" \/><\/a>The article reports that in October 2016, a software update was made to the <strong><a href=\"http:\/\/audgen.michigan.gov\/complete-projects\/michigan-integrated-data-automated-system-midas\/\" target=\"_blank\" rel=\"noopener noreferrer\">Michigan Data Automated System<\/a><\/strong> (MiDAS), the system used by the state&#8217;s <a href=\"https:\/\/web.archive.org\/web\/20220407042603\/https:\/\/www.michigan.gov\/uia\/\" target=\"_blank\" rel=\"noopener noreferrer\">Unemployment Insurance Agency (UIA)<\/a>. MiDAS was created by <a href=\"https:\/\/www.fastenterprises.com\/\" target=\"_blank\" rel=\"noopener noreferrer\">Fast Enterprises<\/a> of Centennial, CO, and went live in 2012 as part of a modernization of the unemployment benefits and tax system. 
A flaw allowed employers and human resources firms to get <strong>access to names and social security numbers<\/strong> of nearly 1.9 million Michigan residents they were not authorized to view.<\/p>\n<p>The state identified the Michigan data breach on Jan. 30 and fixed it on Jan. 31, 2017. Contracted <strong>payroll service providers<\/strong> had unauthorized access to the MiDAS system, according to UIA spokesperson Dave Murray. Anybody working for a company that uses one of those payroll service providers may have had their personal information compromised. DTMB official Caleb Buhs warned, &#8220;<em>If you are an employee in Michigan and your company uses a payroll vendor to process payroll, then you can potentially be included.<\/em>&#8221;<\/p>\n<h3>Impacted by the Michigan data breach<\/h3>\n<p><a href=\"https:\/\/homesecuritysite.wordpress.com\/2013\/01\/17\/burglary-stories-1-real-life-experiences-of-prevention-tips-for-burglaries-in-cape-town-south-africa\/\" target=\"_blank\" rel=\"noopener noreferrer\"><img data-recalc-dims=\"1\" loading=\"lazy\" decoding=\"async\" class=\"alignright wp-image-98512 size-medium\" title=\"unauthorized access\" src=\"https:\/\/i0.wp.com\/rbach.net\/wp-content\/uploads\/burglar-1-e1564254308782-150x83.jpg?resize=150%2C83&#038;ssl=1\" alt=\"\" width=\"150\" height=\"83\" srcset=\"https:\/\/i0.wp.com\/rbach.net\/wp-content\/uploads\/burglar-1-e1564254308782.jpg?resize=150%2C83&amp;ssl=1 150w, https:\/\/i0.wp.com\/rbach.net\/wp-content\/uploads\/burglar-1-e1564254308782.jpg?resize=75%2C42&amp;ssl=1 75w, https:\/\/i0.wp.com\/rbach.net\/wp-content\/uploads\/burglar-1-e1564254308782.jpg?w=400&amp;ssl=1 400w\" sizes=\"auto, (max-width: 150px) 100vw, 150px\" \/><\/a>According to a <a href=\"http:\/\/www.mlive.com\/news\/index.ssf\/2017\/02\/everything_you_need_to_know_ab_1.html\" target=\"_blank\" rel=\"noopener noreferrer\">report<\/a> on <em>MLive,<\/em> the <strong>31 vendors<\/strong> with <strong>unauthorized access to 
Michigan citizens&#8217; <a title=\"Personally identifiable information\" href=\"http:\/\/en.wikipedia.org\/wiki\/Personally_identifiable_information\" target=\"_blank\" rel=\"nofollow noopener wikipedia noreferrer\">PII<\/a><\/strong> included:<\/p>\n<ul>\n<li>7-Eleven<\/li>\n<li>Aatrix<\/li>\n<li>Accountants World<\/li>\n<li>Acrisure<\/li>\n<li>ADP<\/li>\n<li>Benepay<\/li>\n<li>Casper Willson Wilson<\/li>\n<li>Computing Resources<\/li>\n<li>Connectpay LLC<\/li>\n<li>CoStaff National Services Inc<\/li>\n<li>Craft Accounting<\/li>\n<li>CSS Payroll Inc<\/li>\n<li>DTMB<\/li>\n<li>DM Payroll<\/li>\n<li>Dominion Systems<\/li>\n<li>GT Independence<\/li>\n<li>Heins Acctg<\/li>\n<li>Hewitt Assoc<\/li>\n<li>Highpoint Business Services LLC<\/li>\n<li>Infiniti HR LLC<\/li>\n<li>Julie Lepper Acctg<\/li>\n<li>Mercantile Bank<\/li>\n<li>My Pay Solutions<\/li>\n<li>Nieland &amp; Kosanke PC<\/li>\n<li>One Source Virtual<\/li>\n<li>Paychex<\/li>\n<li>Paycomm Payroll LLC<\/li>\n<li>Paycor<\/li>\n<li>Paylocity Corp<\/li>\n<li>Payroll 1<\/li>\n<li>Payroll Tax Mgt<\/li>\n<li>Professional Systems<\/li>\n<li>Ultimate Software<\/li>\n<li>VenSure HR Inc<\/li>\n<li>Wayne County Regional<\/li>\n<li>Zen Payroll<\/li>\n<\/ul>\n<p><a href=\"https:\/\/web.archive.org\/web\/20210612205603\/https:\/\/humourspot.com\/boys-will-be-boys\/\" target=\"_blank\" rel=\"noopener noreferrer\"><img data-recalc-dims=\"1\" loading=\"lazy\" decoding=\"async\" class=\"alignright wp-image-98514 \" title=\"Data security is a top priority for the state of Michigan\" src=\"https:\/\/i0.wp.com\/rbach.net\/wp-content\/uploads\/boys-will-be-boys-e1564254003768-150x129.jpg?resize=103%2C89&#038;ssl=1\" alt=\"Data security is a top priority for the state of Michigan\" width=\"103\" height=\"89\" srcset=\"https:\/\/i0.wp.com\/rbach.net\/wp-content\/uploads\/boys-will-be-boys-e1564254003768.jpg?resize=150%2C129&amp;ssl=1 150w, 
https:\/\/i0.wp.com\/rbach.net\/wp-content\/uploads\/boys-will-be-boys-e1564254003768.jpg?resize=75%2C65&amp;ssl=1 75w, https:\/\/i0.wp.com\/rbach.net\/wp-content\/uploads\/boys-will-be-boys-e1564254003768.jpg?w=620&amp;ssl=1 620w\" sizes=\"auto, (max-width: 103px) 100vw, 103px\" \/><\/a>DTMB Director and State CIO David Behen stated, &#8220;<em>Data security is a top priority for the state of Michigan &#8230; We will work with our third-party vendors and our state team to check our processes and procedures to avoid incidents like this in the future.<\/em>&#8221;<\/p>\n<h3>Recommendations<\/h3>\n<p>Here&#8217;s what the SOM is recommending those who may have had their PII exposed do:<\/p>\n<ol>\n<li><strong>Call the state hotline<\/strong> at 855-707-8387 between 8 a.m. and 4 p.m. on weekdays to make inquiries about this issue.<\/li>\n<li><strong>Monitor financial account statements<\/strong> and immediately report any suspicious or unusual activity to financial institutions.<\/li>\n<li><strong>Request a free credit report<\/strong> at <a href=\"https:\/\/www.annualcreditreport.com\/index.action\" target=\"_blank\" rel=\"noopener noreferrer\">www.AnnualCreditReport.com<\/a> or by calling 1-877-322-8228. Consumers are entitled by law to one free credit report per year from each of the three major credit bureaus &#8211; <a href=\"https:\/\/www.equifax.com\/\" target=\"_blank\" rel=\"noopener noreferrer\"><strong>Equifax<\/strong><\/a><strong>, <a href=\"https:\/\/www.experian.com\/help\/\" target=\"_blank\" rel=\"noopener noreferrer\">Experian<\/a>,<\/strong> and <a href=\"https:\/\/www.transunion.com\/credit-disputes\/dispute-your-credit\" target=\"_blank\" rel=\"noopener noreferrer\"><strong>TransUnion<\/strong><\/a> &#8211; for a total of three reports every year. 
Contact information for the credit bureaus can be found on the <a title=\"Federal Trade Commission\" href=\"http:\/\/www.ftc.gov\" target=\"_blank\" rel=\"homepage nofollow noopener noreferrer\">Federal Trade Commission<\/a> website.<\/li>\n<li>Take steps to <strong>monitor their personally identifiable information<\/strong> and report any suspected instances of identity theft to their local law enforcement.<\/li>\n<\/ol>\n<p><strong>MiDAS<\/strong> has been in the news before. MiDAS&#8217; &#8220;<strong>robo-adjudication<\/strong>&#8221; feature <strong>wrongly flagged at least 20,000 people for unemployment fraud<\/strong> between October 2013 and August 2015. MiDAS would automatically flag a discrepancy and send a message to a seldom-used internal unemployment system. When the victims didn&#8217;t respond, the system would <strong>automatically find they had committed fraud and issue a 400% fine.<\/strong><\/p>\n<p><strong><em>rb-<\/em><\/strong><\/p>\n<p><em>The way data breach reports work is that the originating firm underestimates the number of records lost by half. So it is possible that the SOM has released nearly 4 million or 38% of all Michiganders&#8217; personal records. 
<\/em><\/p>\n<p><em><img data-recalc-dims=\"1\" loading=\"lazy\" decoding=\"async\" class=\"alignright wp-image-98517 \" title=\"Michigan State Police Cyber Command\" src=\"https:\/\/i0.wp.com\/rbach.net\/wp-content\/uploads\/msp-1.jpg?resize=134%2C90&#038;ssl=1\" alt=\"Michigan State Police Cyber Command\" width=\"134\" height=\"90\" srcset=\"https:\/\/i0.wp.com\/rbach.net\/wp-content\/uploads\/msp-1.jpg?resize=150%2C101&amp;ssl=1 150w, https:\/\/i0.wp.com\/rbach.net\/wp-content\/uploads\/msp-1.jpg?resize=75%2C51&amp;ssl=1 75w, https:\/\/i0.wp.com\/rbach.net\/wp-content\/uploads\/msp-1.jpg?w=300&amp;ssl=1 300w\" sizes=\"auto, (max-width: 134px) 100vw, 134px\" \/>Despite the Michigan State Police Cyber Command being on the job, it is likely that nothing will happen to the perpetrators &#8211; <a href=\"http:\/\/www.identityprotection.com\/education\/stay-informed\/why-are-identity-thieves-not-arrested-\" target=\"_blank\" rel=\"noopener noreferrer\">nothing ever does<\/a>. DTMB spokesman Buhs said, &#8220;We are learning from this.&#8221; I hope so.<\/em><\/p>\n<h6>Related articles<\/h6>\n<ul>\n<li><a href=\"https:\/\/web.archive.org\/web\/20190729160427\/https:\/\/www.thesimpledollar.com\/transunion-equifax-credit-score\/\" target=\"_blank\" rel=\"nofollow noopener noreferrer\">Equifax, TransUnion Fined for Deceptive Credit Score Marketing<\/a> (thesimpledollar.com)<\/li>\n<\/ul>\n<p>&nbsp;<\/p>\n<p><em><a title=\"Ralph Bach\" href=\"https:\/\/rbach.net\/index.php\/new-resume\/\" target=\"_blank\" rel=\"noopener noreferrer\">Ralph Bach<\/a>\u00a0has been in IT long enough to know better and has blogged from his\u00a0<a title=\"Bach Seat\" href=\"https:\/\/rbach.net\/\" target=\"_blank\" rel=\"noopener noreferrer\">Bach Seat<\/a> about IT, careers, and anything else that catches his attention since 2005. 
You can follow him on <a class=\"broken_link\" href=\"http:\/\/www.linkedin.com\/in\/rb48334\" target=\"_blank\" rel=\"noopener noreferrer nofollow\">LinkedIn<\/a>,\u00a0<a href=\"https:\/\/www.facebook.com\/ralph.bach.14\" target=\"_blank\" rel=\"noopener noreferrer\">Facebook<\/a>,\u00a0and\u00a0<a href=\"https:\/\/twitter.com\/rbach48334\" target=\"_blank\" rel=\"noopener noreferrer\">Twitter<\/a>. Email the Bach Seat\u00a0<a href=\"mailto:\/\/bach.seat@gmail.com\" target=\"_blank\" rel=\"noopener noreferrer\">here<\/a>.<\/em><\/p>\n","protected":false},"excerpt":{"rendered":"<p>State of Michigan data breach exposed 20% of citizens PII thru flawed MiDAS system<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[4],"tags":[2990,2849,125,2853,2851,2846,2847,2392,2845,19,2850,951,2852,4,2049,2848,525,2844],"class_list":["post-82789","post","type-post","status-publish","format-standard","hentry","category-security","tag-2990","tag-adp","tag-data-breach","tag-david-behen","tag-dtmb","tag-equifax","tag-experian","tag-home-depot","tag-marissa-mayer","tag-michigan","tag-paychex","tag-pii","tag-rick-synder","tag-security","tag-target","tag-transunion","tag-yahoo","tag-yhoo"],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/rbach.net\/index.php\/wp-json\/wp\/v2\/posts\/82789","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/rbach.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/rbach.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/rbach.net\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/rbach.net\/index.php\/wp-json\/wp\/v2\/comments?post=82789"}],"version-history":[{"count":15,"href":"https:\/\/rbach.net\/index.php\/wp-json\/wp\/v2\/posts\/82789\/revisions"}],"predecessor-version":[{"id":129952,"href":
"https:\/\/rbach.net\/index.php\/wp-json\/wp\/v2\/posts\/82789\/revisions\/129952"}],"wp:attachment":[{"href":"https:\/\/rbach.net\/index.php\/wp-json\/wp\/v2\/media?parent=82789"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/rbach.net\/index.php\/wp-json\/wp\/v2\/categories?post=82789"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/rbach.net\/index.php\/wp-json\/wp\/v2\/tags?post=82789"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}