(The Center Square) – The state of Ohio would pay for credit monitoring and state agencies would be required to conduct cyber audits if legislation planned for the Ohio House becomes law.
State Reps. Jeffrey Crossman, D-Parma, and Lisa Sobecki, D-Toledo, said Wednesday at a news conference each have heard from witnesses at hearings and constituents who claim personal information has been stolen and benefits rerouted by hackers through the state unemployment system.
The Ohio Department of Job and Family Services (ODJFS) denies its system has been hacked and said account issues have decreased, pointing toward recent security upgrades as efforts to correct any problems.
Crossman and Sobecki, however, put blame on Gov. Mike DeWine and his administration for failing to upgrade the system and failing to admit the system has been compromised.
“In all likelihood, the system has been hacked," Sobecki said. "I think the dinosaurs are as old as the state unemployment system. Gov. DeWine, Ohioans deserve the truth. How many times have you updated your cell phone since 2004? The state hasn’t even updated its system since 2004.”
The ODJFS uses the term account takeover, rather than hacking, when addressing Ohioans who have had bank routing numbers changed by outside sources in an effort to take unemployment benefits, lawmakers said.
“I think they are going out of their way to admit there has not been hacking," Crossman said. "The reason they don’t want to say hacking is it makes them responsible in some way. They want to shift the blame over from themselves.”
The two plan to introduce a resolution and legislation that puts responsibility on the state to find the problems and help Ohioans who have had issues.
The resolution would call up the Ohio National Guard’s cyber attack unit to investigate issues, rather than using outside vendors.
“That’s what that unit is there for. Instead, we’re spending millions of state tax dollars on no-bid contracts to outside vendors,” Crossman said.
Legislation that would require the state to notify a person when an account has been hacked, as well as the state pay for credit monitoring, also is expected. It also would require state agencies to conduct cyber audits at least every two years.
“It’s time to stop disputing that hacking has actually occurred and avoiding even the use of the word hacking," Crossman said. "Ohio’s unemployment system has been compromised by persons without legal access. By definition, that is hacking.”