LANSING, Mich. (AP) — Social Security numbers and other personal information of up to 1.9 million Michigan workers may have been compromised, the state said Friday.
The problem stemmed from a software update to Michigan's unemployment system, state officials said, and made people's names, wage information and Social Security numbers available for roughly 3½ months to employers and third-party payroll vendors who should not have had access.
There is no indication yet that anyone used the information for malicious purposes.
The number of people affected will not be known until an investigation is finished. Those potentially at risk include employees whose payroll is processed by one of 31 third-party vendors that works with the Unemployment Insurance Agency.
The software update was done Oct. 10. Officials said a "vulnerability" was identified on Jan. 30, and a fix to block unauthorized access was implemented that day.
"Data security is a top priority for the state of Michigan," David Behen, director of the Department of Technology, Management and Budget, said in a statement. "We will work with our third-party vendors and our state team to review our processes and procedures to avoid incidents like this in the future."
He said if a breach is confirmed, those affected will be notified immediately.