LITTLE ROCK, Ark. — The troubled website Arkansas built from scratch to offer unemployment assistance to freelancers and contractors knocked out of work by the COVID-19 pandemic remains offline Monday because of a security breach detected before the weekend.
Technicians with the state Department of Commerce have been working to fix the portal after a person alerted authorities they had gained access to other applicants' private data.
Whether you call that person a hacker or a concerned citizen may come down to political points of view.
"It is being investigated by the FBI," said Governor Asa Hutchinson during his latest update on the pandemic response. "My information was this data was exploited."
The Republican governor was a former high-ranking official in the Department of Homeland Security, and to him, what happened Friday evening sounded like a hack, but so far, nothing malicious appears to have taken place.
"We don't believe that the data was manipulated," the governor said. "Where someone would go in and change a bank account number, which is what criminals would do."
Investigators have their hands full with fraudsters targeting unemployment in other states. Thousands of dollars have left state coffers in Washington when someone managed to claim supplemental unemployment checks made available through the CARES Act by using names of people who stayed on the job.
In Arkansas, the site was knocked offline Friday. It didn't start taking applications from out-of-work self-employed filers until May 5th. It had been open to some for a test run for a few days prior, but then hundreds of applicants had to resubmit paperwork.
According to Democratic party leaders, the latest troubles unfolded after an applicant and computer expert discovered the site's poor security. They say the flaws were easily exploited and want answers from the third-party vendor, Protech, who was hired to build it for $3 million.
"Who administered this contract? Who oversaw this contract," said Michael John Gray, chair of the Democratic Party of Arkansas during a news conference calling for a bipartisan investigation. "What are the ramifications to those who chose this vendor? What are the ramifications to the vendor?"
The person who found the flaws could face ramifications as well. Democrats say the person called two state agencies to alert them, but then called the weekly newspaper the Arkansas Times.
A statement from the FBI confirming the investigation spells out how to report cyber vulnerabilities and then what to do next.
"We urge the public to report any suspicious cyber activity to the FBI at www.ic3.gov," said Connor Hagan with the Little Rock bureau. "We’d also like to remind Arkansans to immediately report any cyber vulnerabilities they encounter online to law enforcement and then take no further action."
Meanwhile, Arkansas is falling farther behind at least 37 other states or territories in doling out the PUA dollars, leaving the governor is left to deal with a political problem brought on by technical trip-up.
"It's technical and we have technical experts that are working on this," he said. "The FBI is working on this and so that's all the information I can share with you."