<\/p>\n
Like many victims of unemployment fraud, Duane Thomas only learned that someone had used his identity to file for jobless benefits when a strange 1099-G tax document arrived in his mailbox last month.<\/p>\n
He reported the mistake in an online form provided by the state Department of Labor and Employment. Within about three weeks, the state sent him a corrected 1099-G form to let him and the IRS know he wasn\u2019t on the hook for taxes on $12,000 of benefits he never received. He also got an email from the agency acknowledging receipt.<\/p>\n
But he\u2019s clueless about how it could have even happened.<\/p>\n
\u201cI have no idea,\u201d Thomas said.<\/p>\n
Officials from the state Department of Labor and the Colorado Attorney General\u2019s office, plus cybersecurity professionals shared what likely happened during an online broadcast this week.<\/p>\n
Thomas\u2019 personal data and millions of others \u2014 from home addresses, birthdates and Social Security numbers \u2014 were compromised in recent and long-ago data breaches of well-known companies. That includes the 500,000 guest accounts pilfered during the Marriott International data breach in 2018 to the Equifax breach of 2017, when data on nearly every American with credit was exposed.<\/p>\n
\u201cNow today, if you all have been paying attention to the news, we\u2019ve had SolarWinds and Sonicwall have (data breach) issues,\u201d said Carlin Dornbusch, president of American Cyber Security Management in Superior. \u201cWe\u2019re still calculating the numbers in potentially the tens of thousands of businesses that have been impacted by just these two breaches alone.\u201d<\/p>\n
But while one can cancel a credit card and get a new one, it\u2019s not the same for birthdates, Social Security numbers and other personal identifiable information (PII) that rarely change.<\/p>\n
\u201cThat PII, like gender, hair color, birthdate, those are long-lived data elements,\u201d Dornbusch said. \u201cThat\u2019s the metadata of the human race, so when that information is compromised, it can lead to disastrous returns as that data can be assimilated to help build profiles and then those individuals can be targeted.\u201d<\/p>\n
That\u2019s why thousands of Coloradans have become victims of unemployment fraud, discovering the issue only after getting a debit card or 1099-G form in the mail, learning from their employer or even when filing for unemployment and finding someone else has used their identity.<\/p>\n
\u201cThis is a new type of fraud. Our systems are based on the idea that a Social Security number is truly sacrosanct. It\u2019s not known by everyone,\u201d said Daniel Chase, chief of staff for the Colorado Department of Labor. \u201cThese Social Security numbers are no longer private data points for people. They are known to criminals, they\u2019re known on the dark web and they\u2019re easily accessible for people to use them for these kinds of things.\u201d<\/p>\n
Money motivates fraudsters, said Shameka Walker, a senior attorney in ID theft program management at the Federal Trade Commission. The federal CARES Act provided unemployment benefits to a type of worker for the first time: gig workers, contractors and the self-employed, who normally aren\u2019t covered by unemployment insurance. The CARES Act also paid a $600 per week bonus, which made backdating claims to February 2020 more lucrative. Scammers could get tens of thousands of dollars in the first payment.<\/p>\n
\u201cThis kind of identity theft has been around for years, but because of the pandemic it\u2019s really increased,\u201d Walker said. \u201cAnd that\u2019s because people lost jobs, and then they got enhanced benefits, which makes it very attractive to identity thieves. Also, some states relaxed the verification process so it made it easier for identity thieves to get access to this kind of information to begin with.\u201d<\/p>\n
Colorado\u2019s Department of Labor began noticing the increase in suspicious claims in June when an excessive number of Pandemic Unemployment Assistance claims were filed. While some were paid, about half were stopped, preventing $34 million in payments that month. Anti-fraud measures the state put in place prevented 30% to 50% of the false claims from being paid in July.<\/p>\n
But there were so many suspicious claims. By January, the state said 1 million claims had been flagged for fraud during the pandemic. While $7 billion was prevented from being paid out, the labor agency said about $10 million was paid to accounts deemed fraudulent. The state is trying to recover the money.<\/p>\n
Colorado isn\u2019t alone.<\/p>\n
Read more at The Colorado Sun<\/a><\/em><\/p>\n