IL Auditor General Finds Cybersecurity Measures Inadequate at IDES

By Benjamin Cox on July 13, 2020 at 1:12pm

The problems at the Illinois Department of Employment Security continue to mount. The Illinois Auditor General has released a two year compliance report for the state’s Department of Employment Security on July 9th finding that cybersecurity measures at the department are inadequate.

The report only covers issues within the department from July 1, 2017 to June 30, 2019. So, it does not include the massive data breach within the IDES unemployment system discovered this May.

Mike Miletich of the Illinois Capital Bureau reports that Auditor General Frank Mautino says that IDES failed to classify data to ensure that personal information like addresses, social security numbers, and tax numbers would be protected from cyberattacks.

Mautino found roughly 10% of IDES employees sampled in a test didn’t complete mandatory annual cybersecurity training.

Republican State Representative Terri Bryant of Murphysboro, who was one of the first to speak about the May data breach and has been a common voice of criticism of the Pritzker Administration’s handling of response to that breach, says more needs to be done about the state’s unemployment system and its security. Bryant served as an internal and external auditor for the Illinois Department of Corrections prior to her retirement in 2014.

Bryant has asked for a hearing with IDES, the Auditor General, and the Pritzker Administration on the data breach and other issues at IDES in Springfield before lawmakers return for the veto session in mid-November.