Cybersecurity expert takes Kentucky's unemployment system to task, calling it functionally obsolete
Hackers force officials to temporarily sideline system, adding to months of woe for many claimants
Hackers force officials to temporarily sideline system, adding to months of woe for many claimants
Hackers force officials to temporarily sideline system, adding to months of woe for many claimants
There are two reasons Aleshia Baker said she and her husband are now living on the streets of Covington. One is the COVID-19 pandemic, which Baker said cost her a job at a local restaurant. The second reason is Kentucky's unemployment system, which has not been able to keep up with a flood of new claims for assistance.
"Us people that do need our money, we can't get it and we're struggling. We're on the street now," Baker said. "We just got put on the street because of that, because we couldn't help the roommate with the rent and everything."
The situation got worse Thursday when Kentucky officials temporarily shut the unemployment system down because hackers have tried to break into personal accounts and steal money.
"This apparently is a trend all across the country," Dave Hatter said.
Hatter is a cybersecurity expert who lives in Northern Kentucky. He said he would not be surprised if the wrongdoers live outside the United States.
"I haven't seen anything definitive yet about who's behind it, but my guess is it's some kind of nation-state actor because it seems to be, you know, pretty widespread and a pretty large scale attack," Hatter said.
Hatter called Kentucky's reliance on four-digit pin numbers to access accounts a serious vulnerability.
"Four digits. That's zero through nine, OK? Ten possible choices." he said. "That's only 10,000 possible combinations. ... You know how fast the computer can generate 10,000 possible combinations?"
Hatter said milliseconds, adding the speed advantage hackers have is an obvious problem in a system akin to a span over the Ohio River that also gives people fits.
"It's kind of like the Brent Spence Bridge to me. You know, it's functionally obsolete. It's still working," Hatter said. "Unfortunately, I think the can tends to get kicked until you run into a scenario like this."
It appears about 300,000 accounts in Kentucky's unemployment system were compromised in some way. State officials said all active unemployment claimants should get a letter with a new eight-digit pin number in the coming days.
The system is expected to be back up and running Tuesday.