Washington state officials said Thursday they’re stopping unemployment payments for two days while they attempt to block a gush of fraudulent claims aimed at stealing some of the billions of dollars that Congress directed to workers left jobless amid the coronavirus pandemic.
Between March and April, the number of fraudulent claims for unemployment benefits jumped 27-fold to 700, the state Employment Security Department told The Seattle Times. During that same period, the amount of money bled off by suspected fraudsters jumped from about $40,000 to nearly $1.6 million.
Those estimates may rise further, as reports of “sophisticated” fraudulent activity surged during the first two weeks of May, and especially over the last few days, state officials said. The ESD fraud hotline has been inundated with calls — with many callers saying they were unable to get through to make a report — and so many emails came into the department’s fraud inbox last weekend that it temporarily shut down.
The surge comes as the state is trying to process a massive wave of legitimate claims for jobless benefits — and has already complicated efforts to get financial relief to workers laid off during the pandemic. In April, the state paid about $1.8 billion in unemployment benefits, ESD officials said.
On Thursday, ESD commissioner Suzi LeVine apologized for any hardship caused by the temporary halting of benefit payments, but she insisted the two-day pause was necessary “so we can validate claims as authentic.” LeVine also stressed, repeatedly, that the ESD itself had not been a victim of a data breach, but that the fraudsters were likely using personal data stolen elsewhere to access the ESD’s filing system.
In recent weeks, school districts, universities, municipal governments and private employers have told The Seattle Times that they have identified hundreds of suspect claims filed on behalf of employees who are still working. On Wednesday, a single employer — Western Washington University — told The Times that 410 of its 2,463-person staff had been targeted by fraudulent claims.
Since reporting on the fraudulent activity last week, The Times also has been contacted by dozens of people who discovered phony claims had been filed using their Social Security numbers and other personal information.
In some cases, workers said they learned of the fraud after receiving a notification from the Employment Security Department that their claim was being processed, even though they had not filed one. In other cases, victims discovered impostor claims while trying to file their own legitimate applications for benefits.
Several people provided documentation showing that by the time they discovered the fake claims, the state had already paid out thousands of dollars in ill-gotten benefits into impostors’ bank accounts.
When Marc Rockov, a Mill Creek engineer who was recently furloughed for a week, tried to file a claim with the Employment Security Department, he found an ESD account had already been opened in his name, albeit with a different email address, phone number and bank account.
In that account, Rockov found seven claims for weekly unemployment benefits, dating back to Feb. 15, and totaling $5,530 — all of which had been paid into a bank account that wasn’t his, but which someone had linked to his ESD account. “I was like, ‘what the hell is going on here?’” said Rockov, who provided The Times with a screen shot showing seven payments of $790, all paid April 30.
Roger Ingalls of Bellevue found that over the past few weeks someone has been paid $8,800 by the state after filing unemployment claims in his name. He also provided screenshots to The Times of his ESD account, which show weekly payments that started at $577 and then rose to $1,170.
Ingalls recently lost one job as an emergency substitute teacher for the Renton School District due to school closures but has continued to work as a loan originator and a church worship leader. He says he did not file an unemployment claim and has no idea where the payouts in his name went. “It’s just so damn discouraging to see this happen,” he said in an interview.
“Please stop sending more money to the criminal that filed this fraudulent claim,” Ingalls wrote in an email to ESD’s fraud unit this week — a message that appeared to reach the agency, unlike his past attempts to get through to the fraud hotline.
The ESD fraud team’s email account for such reports, firstname.lastname@example.org, filled up so quickly last weekend that messages bounced back to frustrated workers. Nick Demerice, an ESD spokesperson, said the account had been set up with a 5 GB limit but has since been upgraded to 10 GB (though that’s still less than the 15 GB offered by a standard free Gmail account). The ESD has also added a new online portal where individuals can upload documents related to their fraud reports. Officials emphasized that individuals targeted by fraudsters aren’t responsible for fraudulently transferred money and are still eligible for unemployment benefits.
Demerice said the agency cannot discuss individual cases. But he acknowledged cases shared with The Times fit a pattern the agency has seen in recent weeks in which individuals use stolen personal data to either create new ESD accounts or alter existing ones. He said the department is evaluating the problem and is “implementing things in real time to be able to shut this down.”
The rash of crooked claims has hit an array of Washington employers.
Seattle Public Schools said it has identified “suspicious” claims for 86 employees.
Boeing said it was “aware of approximately 200 false claims submitted on behalf of Boeing employees,” although roughly half of the company’s workforce is out of state.
The city of Bellevue has found 10 cases of such fraud happening to its employees, according to spokeswoman Michelle DeGrand.
The Washington Education Association, the state’s teachers union, sent a warning to its tens of thousands of members last week, saying members in several school districts had been hit with phony claims. Bellingham Public Schools reported Thursday around 150 suspect claims had been filed using employees’ identities, up from 46 a week ago.
While the current unemployment crisis is unprecedented, ESD has come under scrutiny before for paying out benefits without sufficient oversight. A 2014 state audit found the department failed to adequately check whether recipients of $11 million in Trade Readjustment Allowance payments had been eligible.
Like many government agencies, ESD also had in recent years struggled with an aging, difficult-to-maintain computer system. The state in 2017 finished a $44 million replacement system, known as UTAB (Unemployment Tax and Benefit System).
Meanwhile, Washington state government in general has grappled with technology and security issues. A 2018 state-commissioned report by the private consulting firm Gartner criticized many aspects of Washington’s disjointed information-technology administration and said the state “lacks an overall cybersecurity strategy.”
More recently, the ESD has come under fire for slow processing of the hundreds of thousands of claims for jobless benefits that have followed the massive layoffs during the pandemic crisis.
Like other states, Washington has faced not only a vast increase in unemployed workers — 1 million at last count — but also to reach those jobless workers with extra federal benefits Congress authorized under a $2.2 trillion pandemic assistance package.
Those extra benefits, which include a $600 weekly payment on top of regular state unemployment benefits, have made state programs attractive targets for identity thieves, said James Lee, chief operating officer and an expert in data protection at Identity Theft Resource Center, a nonprofit that helps victims of identify theft.
Experts also see other culprits. Identity thieves are more sophisticated and have more powerful tools. Lee says the large numbers of fraudulent claims that employers are reporting indicates identity thieves are probably using data stolen in past breaches of companies and institutions to hit vulnerable state web portals.
“The bad guys … use automated tools that just pound these websites with known credentials,” Lee said.
Such data appears to have allowed fraudsters to access the ESD system through a separate state system, known as SecureAccess Washington (SAW), that handles user authentication for several state departments.
Once someone breaks into a SAW account, they can then enter the ESD system, Demerice said.
“Once you’ve authenticated yourself, you’re free to update your contact information, your direct deposit information, you know, a lot of different things,” added Demerice, though he noted that attempts to change certain account information would flag the account for review by the ESD’s 24-person fraud team.
The actions of the hackers and criminals are adding stress for workers and employers already hammered by a once-in-a-generation crisis.
“I think it’s more than creepy,” said Tricia Skinner, a Seattle health professional who recently discovered the state had paid more than $2,000 to someone who had filed several fraudulent claims on her existing ESD account. “What about the people who really need the benefits?”