By Joe Barela
Colorado, along with the rest of the nation, has recently been subjected to a wave of fraudulent Unemployment Insurance (UI) Claims — the criminals filing these claims range from sophisticated international identity theft rings trying to cash in on stolen social security numbers, to local fraudsters trying to “game” the system on a one-off basis. The bad news for Coloradans, including not only legitimate UI claimants and employers, but also individuals whose stolen identities have been used to file false claims, is that legitimate benefit payments can sometimes be delayed and for others simply receiving this identity theft news and taking necessary measures to protect your individual Personal Identifying Information (PII) takes effort and time. And it’s critical for all Coloradans to understand the worst part of this news clearly — if you have been subjected to a fraudulent UI claim, that is because your personal identity was compromised through an unrelated previous data breach, which could be from any number of sources — if you haven’t already done so, you will need to take independent action to protect your credit, unrelated to the state UI system.
But there is some good, or at least reassuring, news as well: The Colorado Department of Labor and Employment (CDLE) Unemployment Insurance Division has been largely successful in preventing the payment of fraudulent claims, and continues to improve both our prevention of improper payment on those claims and our communication to legitimate claimants, employers and individuals whose social security numbers or other PII has been compromised. And to those of you who have been victimized by identity theft generally, as we address and correct the resulting UI fraud claim in your name, we will not in any way negatively impact your credit–we recognize this as the criminal activity it is.
The current widespread fraud is traceable in large part to two relatively recent but separate unfortunate developments: first, the mass data breaches of recent years (think Equifax, Target, Adobe, to name just a few) have caused millions (or billions worldwide) of individual records, including names, social security numbers, and often much more detailed PII to become available on the dark web and other black market avenues; second, with the onset last year of COVID-19 and the resulting economic dislocation, our national and state UI system has seen a huge increase in both demand from claimants and available financial resources, due to massive federal emergency relief. As a result, local, national and international criminal rings have had both ready access to stolen or otherwise compromised PII (primarily, but not solely, social security numbers) and a lucrative opportunity to misuse that data to illegally access UI payments.
Let’s take a brief look at each of these factors. To illustrate the prevalence of the underlying identity theft, according to an article published by a respected cybersecurity source (CSO) in January 2021, about 3.5 billion people saw their personal data stolen in the top two of the 15 biggest breaches in just the first 20 years of this century alone!
And while these stolen identities have been available in many cases for quite a while, criminals have only recently attempted to use it for targeting our national and state UI programs, dating back to the summer of 2020 when upward spikes in suspected fraudulent claims first showed up in the federal Pandemic Unemployment Assistance (PUA) program. PUA and related federal UI relief programs were the first ones to be hit because of the broad new relaxed eligibility criteria and the significant increases in available weekly benefits to claimants. For a sense of the size of these fraud schemes on a national scale, consider that the United States Department of Labor’s (USDOL) Office of the Inspector General estimated in a November report that these schemes and others targeting pandemic unemployment payments represented about $36 billion in losses through November of 2020. A USDOL official from the previous Administration estimated that UI fraud could reach $50 to $70 billion.
And as PUA and other federal relief expired toward the end of 2020, criminal attention and effort was redirected to Colorado’s longstanding state UI system as well. Since the Spring of 2020, CDLE’s UI Division has processed just over 1 million valid unemployment insurance claims and paid out over 7 billion dollars in legitimate unemployment insurance benefits. In this same timeframe, we have seen in excess of 1 million potentially fraudulent claims filed using stolen PII that criminals are obtaining and then attempting to use to access federal and state benefits. A recent USA Today article that interviewed an engineering student in Nigeria, estimates he’s made about $50,000 since the pandemic began. After compiling a list of real people, he turns to databases of hacked information that charge $2 in cryptocurrency to link that name to a date of birth and Social Security number. This student went on to say “Once we have that information, it’s over, it’s easy money.”
But it’s our aim at CDLE to make sure that fraudsters are not finding “easy money,” while simultaneously ensuring timely payment of benefits to those filing legitimate claims. To that end, in partnership with our third party vendor, Deloitte, in December we launched a modernized system for claimants to file for unemployment benefits — known as MyUI+. I’m pleased to report that MyUI+ is currently up and running for state benefits and is coming online for the more complex newly passed federal benefits over the next several weeks. In the meantime, included with this system are sophisticated anti-fraud detection measures which are already estimated to ,have prevented between 7 and 10 billion dollars in fraudulent payments since its launch in January alone.
But while we are both pleased with Colorado’s prevention of fraudulent payments and efforts to recover those relatively few which have been paid, we still have much work to do on behalf of Colorado’s vast majority of law-abiding citizens, including legitimate UI claimants, employers and identity-theft victims whose PII has been filed for UI by criminals. For legitimate claimants, our challenges include ensuring that their claims are not unnecessarily delayed due to the protective fraud hold measures of the system, and second we are working to improve our previously inadequate Call Center which until recently was largely overwhelmed by the addition of fraud inquiries to the already historically unprecedented demand for UI claims. As we continue our efforts internally,with Deloitte and other partners for alternative identification methods to replace outdated reliance on social security numbers, we expect that claimant access to individual assistance will be greatly improved as well. In the meantime, we apologize for the inconvenience and long wait times many have experienced, and we thank you for your patience.
We are also working to improve our communications and interactive responsiveness to employers, who constitute one of our major tools for identifying and preventing payment of fraudulent claims in the first place. Although there is currently no way to prevent criminals from filing false claims based on independently obtained stolen PII, notification from employers when made aware of such claims for employees they know to still be working is immensely helpful to our fraud payment prevention efforts. To improve our communication and responsiveness to our roughly 300,000 Colorado employers who pay premiums into the Colorado Unemployment Insurance Trust Fund, and to prevent the possibility of fraud placing upward pressure on already rising UI premiums, we have already taken measures to avoid charging such claims against employers’ accounts. Additionally, we are asking the Colorado General Assembly for the resources to upgrade our employer based UI system (called CATS) similar to the MyUI+ improvements mentioned earlier for claimants. While we hope to recover from the COVID-19 related economic challenges we currently face, that won’t happen overnight, and in any event our long term service to employers in terms of their ability to manage their premium payments, adjudication of claims and other business transactions, will be greatly enhanced with this proposed technology modernization.
We continue also to increase our outreach efforts to the victims of identity theft who have had fraudulent claims filed in their names and/or with their social security numbers or other PII. As already discussed, the only way a fraudulent UI claim could have been filed in your name or with any other of your PII is if you have already had your identity stolen or otherwise compromised — you need to take action to protect your credit generally, while we address the UI fraud issue. We are working closely with Colorado’s Attorney General and with a wide variety of public and private partners, including state and local chambers of commerce and other business organizations as well as local governments and community based organizations to get the word out to Coloradans about how to respond if you find yourself victim of a fraudulent UI claim and how to take precautionary measures to protect credit generally. Our main fraud prevention website can be found at cdle.colorado.gov/fraud-prevention.
And finally, in close partnership with the Colorado Attorney General, a variety of federal law enforcement agencies, including the FBI and U.S. Secret Service as well as with other states’ law enforcement agencies, we are actively pursuing the criminals attempting to prey upon vulnerable law abiding folks during this public health and economic crisis. While we’re encouraged by our success to date in preventing the vast majority of false claims from paying out, we recognize there is much more work to do to alleviate the inconveniences caused to Coloradans by these scams. We appreciate both your patience and your partnership in addressing this challenge, and we look forward to continued customer service improvement with not only UI but all of our other workforce and employment programs as well.
Joe Barela is Executive Director, Colorado Department of Labor and Employment
The Pagosa Daily Post welcomes submissions, photos, letters and videos from people who love Pagosa Springs, Colorado. Call 970-903-2673 or email pagosadailypost@gmail.com