Democrats call for investigation into grant program, unemployment system data breach

The Democratic Party of Arkansas on Monday (May 18) called for investigations into a breach of the state’s newly launched Pandemic Unemployment Assistance (PUA) program and alleged advanced notice to some about the state’s Ready for Business grant program.

Gov. Asa Hutchinson said the DPA action is a shameful “partisan attack” during a time when people from both parties are working together to find solutions during the COVID-19 pandemic.

It was learned late Friday (May 15) the state’s website managing the PUA system had been breached. The PUA is a new federal program providing unemployment benefits to the self-employed, freelancers and others not typically qualifying for such benefits. The money comes from the Coronavirus Aid, Relief, and Economic Security (CARES) Act approved by Congress to provide aid to individuals, businesses and state and local governments in response to the pandemic.

As of May 12, 37 states had an PUA system in place, with Arkansas one of the few remaining states working to get a system in place. Arkansas Secretary of Commerce Mike Preston previously estimated a minimum of 125,000 Arkansans will qualify for the expanded unemployment benefit.

According to the Arkansas Times, the person who found a flaw in the state’s PUA website tried to contact two agencies about the problem before notifying an Arkansas Times reporter. The flaw allowed the person to see the Social Security number, bank account info and other details of a person’s application. It is estimated the breach impacts around 30,000 applications.

Gov. Hutchinson and Preston have faced allegations of certain businesses and business groups getting advance notice of the $147.7 million Ready for Business grant program. The program was created to help businesses prepare to reopen, and each grant is capped at $100,000.

Democratic Party of Arkansas Chairman Michael John Gray on Monday called for an independent bipartisan committee of legislators – not an existing committee – to investigate the PUA website breach and alleged favoritism with the grant program. Specifically, Gray listed three questions in his Monday morning conference call.
• Was there insider knowledge to help favorites in the grant program?
• Why are laid off workers not yet receiving PUA benefits yet?
• Who administered the PUA contract work, has the vendor been paid, and has the vendor been reprimanded for breach?

“This deserves an investigation, we are calling for a bipartisan investigation,” Gray said, adding later, “You’d hope there would be bipartisan support [for an investigation]… there’s definitely bipartisan frustration.”

Gov. Hutchinson pushed back Monday against Gray’s call for an investigation, noting that a bipartisan group of legislators approved the grant program.

“First of all, I think it’s a shame anyone would try to use the pandemic for partisan benefit and partisan attacks. I just think that is unnecessary and uncalled for, and whenever there are so many working together in a bipartisan fashion to seek solutions, I think that speaks very poorly that you engage in a partisan attack during this time,” he said.

However, a bipartisan group of legislators grilled Preston during a Friday afternoon committee meeting – which was held before the PUA breach was made public. Legislators said the grant program was “botched at the outset,” “disappointing” and changes were made unilaterally by the Commerce Department without legislative approval, according to this report by the Arkansas Democrat-Gazette. Sen. Terry Rice, R-Waldron, said it was “plain to see people knew ahead of time.”

An Arkansas Times reporter during the governor’s daily briefing asked why the actions of the person who discovered the website problem are seen in a negative light instead of a person who was helping the state protect the system. Gov. Hutchinson said no matter the nature of the breach, it must be investigated and reported to law enforcement. Later in his answer, the governor said there is a difference between if “you see a vulnerability or did you find the vulnerability. And I think we will let the investigation speak for itself on those points.”