YORK COUNTY, Pa. — A lot of us have been impacted by several big data breaches over the past few years, so we know our personal information is likely out there somewhere.
Now it appears hackers are using that information to falsely file for unemployment benefits in Pennsylvania.
As fox43 finds out, some people didn't even know they were victims until thousands of dollars’ worth of checks showed up.
Thousands of dollars in benefits they never applied for
Angela Kern got these checks in the mail from the Pennsylvania department of labor and industry.
Two unemployment checks, totaling more than $7,500.
Expect, Kern hasn't applied for unemployment benefits for 35 years.
"My first thought was Uh oh," she said.
The York County woman knew this was a mistake, so she tried to get in touch with the state unemployment office.
"I'm getting responses like "uh, we probably won't get back to you because we're only handling new claims." So I'm like, wait a minute. We need to jump on this fast. I need to know if any other money was collected in my name, what bank accounts it went into and then I can work with the police to track these people down and arrest them, get them," she said.
Kern is also a cybersecurity expert, so she knows how dangerous it can be when your PII, or personally identifiable information, gets in the wrong hands.
Like a social security number, which you need to file for unemployment.
"What is the state unemployment people doing to protect our identity end to end? They're not validating identity properly," said Kern,
She isn't the only one dealing with this.
State Representative Sheryl Delozier tweeted that she received $7,000t in unemployment claims that didn`t belong to her either.
Meanwhile, people are emailing FOX43 every day saying they are still waiting for their legitimate unemployment payments.
Kern said, "My brother-in-law has been waiting, unemployed now for months. Nothing coming in. I've been loaning him money to get through this. And then my step-sister thinks she's received double unemployment."
Department of L&I launches an investigation
The Department of Labor and Industry is now investigating.
"This was not our system that was hacked. We don't know where the bad guys are getting their information from."
The department put a hold on 58,000 claims after noticing some were fraudulent over memorial day weekend.
"I want to be clear, this doesn't mean we identified that number of claims as being fraudulent, it means we needed to investigate those claims further base on the information we received from state and federal partners. I'm happy to report that the majority of those claims have been verified as authentic."
At this point, the department says it will not go into any more details on the investigation.
However, we do know that people are in fact victims, like Kern, Representative Delozier, and more.
"That's the most frustrating part of this is that there's no other information coming out about this," said Kern.
Freeze your credit and check your credit reports
She now put a freeze on her credit and checked her credit reports.
You should be doing the same if someone is filing fraudulent claims in your name.
However, the cybersecurity expert says this incident should get the attention of other state agencies too.
"I think it's a lack of training and understanding. Last year there were 320,000 open cybersecurity jobs and we only graduated 35,000 people in this field. So there's a severe shortage of people to even help the governments protect this information."
There's also the issue of outdated equipment.
Back in 2017, an audit of the state's Unemployment Compensation System found the computer system was "being held together with bubble-gum and rubber bands."
At this point, the auditor general's office says there are not future audits of the unemployment system on the schedule.
Though Kern believes the fix, in this case, is simple.
"That's all our state government needs to do to validate identity is ask questions that they already know about is that only we would know."
FOX43 finds out did ask the Department of Labor and Industry if it plans to update security on its website while people file to catch fraudulent claims before they're filed. Here's the department's response:
Multiple states are seeing this attempted fraudulent activity involving the federal PUA program, in which scammers use personal identifying information stolen from other sources to establish phony bank accounts and attempt to receive these unemployment benefits.
As soon as L&I’s anti-fraud division became of aware of the potential fraud attempts over the Memorial Day weekend, we immediately took action. We switched payment methods for all PUA claimants to paper checks. Claimants who had existing UC-issued debit cards from U.S. Bank (ReliaCard) are again receiving payments on those cards as of this week. Individuals that had been receiving PUA payments via direct deposit will be switched over to the U.S. Bank ReliaCards and should receive them in the mail next week. All PUA claimants will receive benefits payments via the ReliaCard debit cards until further notice.
We are in the early stages of this active investigation and are unable to provide additional details.
The Pennsylvania Treasury issued a press release about the switch to debit cards. You can see the full release here.
The links below provide additional information on how to report suspected UC fraud, what to do if you receive UC benefits you did not apply for, and how to avoid scams. Please feel free to share this information with your readers.
This scam provides an opportunity to remind all Pennsylvanians to keep a close eye on their credit rating and remain vigilant in protecting their personal information. Free credit reports are available weekly through April 2021 at AnnualCreditReport.com.
With regards to our unemployment compensation system, a new vendor, Geographic Solutions Inc, (GSI), quickly built a new system specifically for PUA in order to meet federal requirements for that program. The company is also in the process of building a separate new system for the state’s regular UC program. That system is on schedule to go live this fall.