Julie Forster reports:
The state agency that administers unemployment benefits is addressing concerns that it lacked adequate security controls for its computer system, leaving private information about applicants vulnerable to data breaches, according to a legislative audit report.
The Dec. 3 report details the lack of controls with the massive Department of Employment and Economic Development system through which 336,000 Minnesotans have applied for jobless benefits in 2009.
“In my opinion, the key ingredients of a security program are missing,” said Eric Wion, who managed the audit, which took place last summer.
Among other things, the report details where employees had inappropriate access to personal information that went beyond what they needed to complete their jobs. Systems programmers who develop code, for example, had access to information they didn’t need and shared passwords that could modify or delete files.
More than 30 people had access to passwords stored in a poorly secured electronic file. The department did not routinely scan for vulnerabilities, and data were not encrypted to mitigate inappropriate use, the report found.
Read more in the Pioneer Press.