Skip to main content
State Seal State Seal State Seal
Home Button Home Button Home Button
 
 

Dem Reps. Crossman, Sobecki call for cybersecurity investigation into unemployment account hacks

File legislation to launch investigation into account breaches, require credit monitoring for affected Ohioans
September 23, 2021
Democrat Newsroom

Reps. Jeffrey A. Crossman (D-Parma) and Lisa Sobecki (D-Toledo) filed legislation today to address alleged hacking of the state’s unemployment system that has compromised personal information and resulted in thousands of dollars stolen from deserving recipients. The legislation would urge Gov. DeWine to activate the Ohio Cyber Reserve to investigate the multiple reports of hacking in the state’s unemployment compensation network. Thus far, the Ohio Department of Jobs and Family Services (ODJFS) has refused to acknowledge a hack and has instead referred to those incidents as “account takeovers.”

“The first step in solving a problem is admitting you have one,” said Rep. Crossman. “While ODJFS refuses to admit to hacking, we’ve heard directly from constituents who clearly have been impacted. Lying about the problem only emboldens the thieves, and fails to address the core issue—ODJFS’s cybersecurity is garbage.” 

“We have a serious problem in Ohio with the security of our Unemployment System, and the Governor and Director of ODJFS are not doing enough to address the problem,” said Rep. Sobecki. “There are numerous questions unanswered, and Ohioans deserve the truth.”

Reps. Crossman and Sobecki have continually demanded more transparency from ODJFS including sending multiple records requests so that Ohioans can fully understand the scope of the hacking and what is being done to protect private personal information.  Thus far, ODJFS has not responded to the records request.

The legislation would also require a state agency, in the event of a breach of its systems, to pay for credit monitoring for anyone whose personal information was compromised and inform them of how to obtain the credit monitoring, as well as require state agencies to engage in periodic “cyber audits” to assess risk and security levels. These separate pieces of legislation do not yet have bill numbers assigned.