|
 The Illinois Department of Employment Security lost more than
$14.8 million to fraud during the COVID-19 pandemic, according to a report
obtained by WGN.
While this preliminary estimate may seem large, an IDES spokeswoman confirmed
the report only accounts for unemployment claims believed to have been collected
by residents who were actually working.
Now experts tracking rampant identity theft in Illinois estimate the state’s
total price tag on fraud could cost taxpayers more than $1 billion.
“I would have a hard time thinking that the state lost $14.8 million,” said
cybersecurity expert Haywood Talcove, an executive with LexisNexis Risk
Solutions. “That would be a miracle.”
The IDES fraud figure of $14.8 million was first reported to the U.S. Department
of Labor in July, after months of IDES declining to share state fraud estimates
with the public. That money was believed lost to people working at the same time
they were receiving benefits, an IDES spokeswoman said.
“This does not include any number associated with identity theft-related
unemployment fraud,” she clarified in an email. “IDES is one of many states
still quantifying a dollar amount attributable to” that crime.
The omission of identity theft-related employment fraud from the figure has
drawn increased concern after IDES released a statement warning residents about
a surge in phishing schemes in mid-June.
That was after the employment agency reported blocking almost 450 million
“nefarious attempts to access the Department’s benefit system” over just one
week. The scammers either attempted to file a fake insurance claim or tried to
divert payments to an alternate existing account.
Cybersecurity experts said successful attempts to hack state-run databases for
residents’ personal information have made it easier for fraudsters trying to
trick the system. Cases of this so-called imposter fraud exploded during the
pandemic.
IDES didn’t help when its new system exposed Social Security numbers and other
personal information of 32,483 self-employed and gig workers seeking benefits
when the pandemic idled them. The data breach was discovered May 15, 2020, by a
state lawmaker’s constituent who was seeking benefits through the $22 million
system the state bought through a no-bid contract. At least three groups filed
lawsuits, claiming financial losses from thieves using their IDES personal data.
[to top of second column] |
According to IDES, it has shut down more than 1.7
million false claims successfully filed using stolen identities.
Talcove argues the state could do more.
Talcove told state lawmakers July 15 that a vendor could stop the
flood of bad claims for about $1 million a year by adopting the same
security systems the private sector has employed for years. He
suggested the state seek competitive bids from qualified firms,
including his own.
“With the technology that exists, you can have it. You can get a
package delivered by Amazon in a trustworthy manner. You can make a
transaction on a bank account and be safe,” Talcove told lawmakers
during a cybersecurity hearing. “You can have the same thing with
government programs.”
Talcove cautioned lawmakers that scammers who made a fortune
defrauding the state are not going to stop with unemployment
insurance. He suspected thieves diverted more than $1 billion in
benefits intended for unemployed Illinoisans during the pandemic.
Adam Ford, the Illinois Department of Innovation and Technology’s
chief information security officer, confirmed Talcove’s suspicions
on the magnitude of scammers’ efforts. He said the state sees
billions of attempted attacks each month on the system.
Ford said he was concerned hackers able to bypass state security
measures could steal sensitive personal data and even cripple the
unemployment agency.
“Ransomware I think stands out most in our minds as the most
dangerous attack and can render agencies unable to perform their
duties,” Ford said.
State technology administrators assured lawmakers Illinois has
already implemented tools to bolster cybersecurity and will continue
to add new measures to combat evolving fraud.
 Anyone who has been a target of identity theft-related unemployment
insurance fraud can visit the IDES fraud webpage for information on
how to report the claim. |
