The U.S. Attorney’s Office in Seattle says it’s working with Washington state to “track down and prosecute” criminals stealing unemployment benefits. But it’s also urging the state to “address and fix the vulnerabilities in their system” that, according to a report by other federal investigators, may have helped Washington become the top target in a national scam.
Friday’s statement from U.S. Attorney Brian Moran comes a day after the state Employment Security Department temporarily halted benefits payments while it dealt with a surge of bogus claims for unemployment insurance that were filed using the identities of unsuspecting workers.
The Employment Security Department, which plans to restart benefits payments on Saturday, blames much of what it calls “impostor theft” on sophisticated criminals using stolen Social Security numbers and other personal data to access the state’s unemployment insurance system.
ESD officials have said that other states are seeing similar problems as thieves, drawn by the large new pool of emergency federal benefits, break into unemployment insurance systems using personal data stolen during earlier data breaches. They also note that Washington was among the first states to start paying benefits from the federal program, which likely made the state an early fraud target.
But Moran highlighted an additional concern: that security measures at the Employment Security Department as well as at the state’s centralized authentication system, SecureAccess Washington, may not have been adequate to withstand attacks by identity thieves.
“Chasing these reprehensible criminals is just one part of the equation,” Moran said in his statement. “The other part is for the state to address and fix the vulnerabilities in their system, and I am advised that they are working to address that part of the problem.”
Those vulnerabilities have reportedly helped Washington become the top target of a widespread scheme by identity thieves who are targeting unemployment insurance programs, according to two government officials who have read a recent report on the scam from the U.S. Secret Service but who declined to be named Friday because they weren’t authorized to speak about the report.
“The report indicated that Washington state was the primary target [of the thieves] but that other states may also have seen some activity and other states could be targeted down the line,” said one government official who had read the Secret Service report. A second government official who has also seen the report confirmed that it indicated that the scams were most prevalent in Washington but that it also lists other states and said most states will be vulnerable.
The New York Times reported Saturday that the Secret Service report suggests a well-organized Nigerian fraud ring is behind the surge in phony claims, and could result in “potential losses in the hundreds of millions of dollars.”
While Washington has emerged as the primary target so far, there also was evidence of attacks in Florida, Massachusetts, North Carolina, Oklahoma, Rhode Island and Wyoming, the NYT reported.
Both ESD and WATech, the state agency that runs SecureAccess Washington, did not respond to requests for comment about Moran’s statement, and the U.S. Attorney’s Office offered no additional comment.
ESD officials acknowledged this week that Washington had paid out $1.6 million on fraudulent claims in April and has seen a “significant” surge in reported fraud cases since then. That surge, corroborated by dozens of victims who contacted The Seattle Times, led ESD Commissioner Suzi LeVine to temporarily halt all benefits payments on Thursday so the department “can validate claims as authentic.”
In recent weeks, school districts, universities, municipal governments and private employers have identified hundreds of suspect claims filed on behalf of employees who are still working.
In some cases, workers said they learned of the fraud after receiving a notification about a claim in their name from the Employment Security Department. In other cases, the fraud was discovered when victims tried to file their own legitimate applications for benefits through the ESD website. Several victims shared screenshots with The Seattle Times showing that the state had already transferred money to impostor bank accounts.
On Friday, Nick Demerice, an ESD spokesperson, declined to specify the fraud-control measures taken by the department since Thursday to avoid alerting prospective thieves.
Seattle Times staff reporter Jim Brunner contributed to this report.