With Systems Overwhelmed, Thieves Using Past Security Breaches To Rip Off Unemployment Benefits
CHICAGO (CBS) – A CBS 2 Investigation.
A recording that asks for patience on the Illinois Department of Employment Security phone line is not well received by Reginald Fitzgerald.
IDES is dealing with high call volumes as over one million people have filed unemployment claims. However, when Fitzgerald calls, "they hang up on me. I go through 19 prompts to get hung up on."
Fitzgerald been calling the agency for weeks, but not because he's trying to get unemployment benefits. He is a victim of identity theft. He figured that out when he got a letter from IDES basically asking him to confirm his new address.
"I'm still working. I didn't ever file for unemployment," Fitzgerald said. "I didn't initiate this."
When he couldn't get through on the phone, Fitzgerald copied the letter and mailed it back---with a clear message. "This is a fraud!!!!," he wrote, emphasizing it with the four exclamation points.
Amanda Johnson wants unemployment, but she too is a fraud victim. In Johnson's case not only did a thief file for benefits in her name but they're collecting her money.
"They beat me by a week," Johnson said. "I found out the name of their bank, which I've never heard of."
Johnson got that news when she called IDES. How she'd get through? Luck. She got frustrated and started randomly hitting numbers when she was told to hold for a representative.
"I was like, oh my gosh!" Johnson said.
While she was happy to get a real live person, she was not so happy to learn a thief had changed her personal security questions, including her mother's maiden name.
"Which is why I couldn't get verified," she said.
Johnson and Fitzgerald are among the consumers who are now the target of unemployment ID theft.
"With the influx of unemployment benefits from the federal government, ID thieves see this as a big pot of money, and they're trying to cash in on it," said James Lee, chief operating officer of the ID Theft Resource Center in San Diego, Calif.
Lee says the thieves already have the information--passwords, social security numbers, birth dates--from previous security breaches. Like the one that hit Target customers in 2013. It exposed the personal information of 41 million consumers. Then there was Equifax in 2017 compromising 147 million and last year, the Quest Diagnostics breach affecting 12 million.
"They wait for a time like this when a credential gets them into accounts where they can change the information," said Lee.
The thieves may have all the information they need but the state is supposed to verify each claim with the employer before it's paid.
However, retired IDES supervisor Rose Harris, said with companies laying off hundreds of employees during the pandemic, it's possible those businesses could have missed the claim coming in.
Missing the claim means the employer didn't let the state know an employee was currently working or Harris says they did see the claim and tried to call the IDES.
"Call volume is huge and they're having the exact same problem that the claimant is having, trying to call in," Harris said.
Harris says there are other measures in place to flag fraud, but in a backlogged system, some fraudulent claims obviously get paid.
Johnson assumes "some mysteriously unknown person somewhere in Illinois" is collecting $5,185 that is owed to her. The last time she followed up, the dedicated fraud center was closed "due to unforeseen circumstances."