State unemployment fraud could cost Illinoisans more than $1 billion

State unemployment fraud could cost Illinoisans more than $1 billion

A recent report from the Illinois Department of Employment Security revealed the state lost at least $14.8 million to fraudsters during the pandemic. But experts warn the full extent of state fraud could be closer to $1 billion.

The Illinois Department of Employment Security lost more than $14.8 million to fraud during the COVID-19 pandemic, according to a report obtained by WGN.

While this preliminary estimate may seem large, an IDES spokeswoman confirmed the report only accounts for unemployment claims believed to have been collected by residents who were actually working.

Now experts tracking rampant identity theft in Illinois estimate the state’s total price tag on fraud could cost taxpayers more than $1 billion.

“I would have a hard time thinking that the state lost $14.8 million,” said cybersecurity expert Haywood Talcove, an executive with LexisNexis Risk Solutions. “That would be a miracle.”

The IDES fraud figure of $14.8 million was first reported to the U.S. Department of Labor in July, after months of IDES declining to share state fraud estimates with the public. That money was believed lost to people working at the same time they were receiving benefits, an IDES spokeswoman said.

“This does not include any number associated with identity theft-related unemployment fraud,” she clarified in an email. “IDES is one of many states still quantifying a dollar amount attributable to” that crime.

The omission of identity theft-related employment fraud from the figure has drawn increased concern after IDES released a statement warning residents about a surge in phishing schemes in mid-June.

That was after the employment agency reported blocking almost 450 million “nefarious attempts to access the Department’s benefit system” over just one week. The scammers either attempted to file a fake insurance claim or tried to divert payments to an alternate existing account.

Cybersecurity experts said successful attempts to hack state-run databases for residents’ personal information have made it easier for fraudsters trying to trick the system. Cases of this so-called imposter fraud exploded during the pandemic.

IDES didn’t help when its new system exposed Social Security numbers and other personal information of 32,483 self-employed and gig workers seeking benefits when the pandemic idled them. The data breach was discovered May 15, 2020, by a state lawmaker’s constituent who was seeking benefits through the $22 million system the state bought through a no-bid contract. At least three groups filed lawsuits, claiming financial losses from thieves using their IDES personal data.

According to IDES, it has shut down more than 1.7 million false claims successfully filed using stolen identities. Talcove argues the state could do more.

Talcove told state lawmakers July 15 that a vendor could stop the flood of bad claims for about $1 million a year by adopting the same security systems the private sector has employed for years. He suggested the state seek competitive bids from qualified firms, including his own.

“With the technology that exists, you can have it. You can get a package delivered by Amazon in a trustworthy manner. You can make a transaction on a bank account and be safe,” Talcove told lawmakers during a cybersecurity hearing. “You can have the same thing with government programs.”

Talcove cautioned lawmakers that scammers who made a fortune defrauding the state are not going to stop with unemployment insurance. He suspected thieves diverted more than $1 billion in benefits intended for unemployed Illinoisans during the pandemic.

Adam Ford, the Illinois Department of Innovation and Technology’s chief information security officer, confirmed Talcove’s suspicions on the magnitude of scammers’ efforts. He said the state sees billions of attempted attacks each month on the system.

Ford said he was concerned hackers able to bypass state security measures could steal sensitive personal data and even cripple the unemployment agency.

“Ransomware I think stands out most in our minds as the most dangerous attack and can render agencies unable to perform their duties,” Ford said.

State technology administrators assured lawmakers Illinois has already implemented tools to bolster cybersecurity and will continue to add new measures to combat evolving fraud.

Anyone who has been a target of identity theft-related unemployment insurance fraud can visit the IDES fraud webpage for information on how to report the claim.

For more on other issues facing IDES, see our unemployment tracker here.

Want more? Get stories like this delivered straight to your inbox.

Thank you, we'll keep you informed!