According to some estimates, up to 400,000 Colorado residents are currently impacted by an unemployment insurance fraud scheme that is sweeping the nation in the wake of the COVID-19 pandemic. “Sophisticated criminal rings” are using stolen Personally Identifiable Information (PII) to file false unemployment claims. Unfortunately, many victims of this identity theft don’t find out until receiving IRS 1099-G Forms for unemployment benefits that they did not receive.

Why is this happening?

According to the Colorado Department of Labor and Employment (CDLE), unemployment fraud has “become rampant,” in Colorado and in other states during the COVID-19 pandemic. One reason CDLE cites is that the Pandemic Unemployment Assistance (PUA) program does not have the same checks, balances, and security measures that are in place in the regular state-run Unemployment Insurance program. CDLE has stated that over 800,000 false claims have been stopped, representing more than $7 billion in fraudulent payments.

How is this related to IT security?

Many have asked if this issue is the result of a data breach at the Colorado Department of Labor and Employment (CDLE) or possibly in their own business or organization. According to CDLE:

These are sophisticated criminal rings that use personally identifiable information, including social security numbers, to file claims on behalf of unsuspecting victims. We speculate that the sheer volume of this identity theft is the result of one or several data breaches that have occurred over the past few years, which compromised hundreds of millions of identities.

Some of the most notorious data breaches that could have exposed the Personally Identifiable Information (PII) used in this fraud ring include:

  • Experian, breached in 2015, exposing the PII of 24 million people.
  • Equifax, breached in 2017, exposing the PII of 147 million people.
  • Capital One, breached in 2019, exposing the PII of 106 million people.

What to do if I am the Victim of a Fraudulent Unemployment Insurance Claim

If you believe that you or your organization has been affected by a fraudulent unemployment claim, file a fraud report with the Colorado Department of Labor and Employment.

What to do if My Business is the Victim of a Fraudulent Unemployment Insurance Claim

Fraudulent unemployment claims that are not corrected with the Colorado Department of Labor and Employment could potentially affect an employer’s unemployment premiums and their “experience rating.” As of the writing of this article, the Colorado Department of Labor and Employment advises all employers who have been part of a false claim to submit an appeal on any unemployment decision issued by the department.

Minimizing Risk, Going Forward

There is nothing that you can do about data breaches that have already happened or that have happened in other organizations that have your data. However, you can reduce the risk of private company information and personal information getting stolen and used for false unemployment claims by taking precautions to protect, secure, and back up your files and other data. It may seem simple and obvious, but poor password security and password conventions (i.e. “password123”) are the number one weakness in an organization’s information security. This is due to a lack of security awareness on the part of management and staff in most companies. 

We recommend a hybrid approach to keeping your company’s data and networks locked down. First, staff needs comprehensive Security Awareness Training. Second, your networks need solid, monitored Network Security and Backup and Disaster Relief Solutions. Our free IT Security Checklist  will help you assess your organization’s security, identify which areas need attention, and will provide you with the knowledge and vocabulary you will need to take the next steps or to seek help from a trusted managed IT service partner.

Looking for Managed IT Services?

We help our customers improve all areas of security with scalable solutions so that they can attain high productivity levels for their teams while keeping costs under control.

For a free consultation and IT security assessment, please contact us today. We know what it’s like to run a business, and we know your time is valuable.  

We can:

  • Learn about your business
  • Give you some ideas on what improvements you can make right away
  • Provide free advice on your approach to IT security

And if you’d like, we can show you where and how we can help.