Investigates

Exclusive: U.S. Attorney talks to 11 Investigates about massive unemployment fraud

PITTSBURGH — The newly appointed U.S. Attorney for the Western District of Pennsylvania gave her first interview to 11 Investigates to talk about the monumental task of investigating fraud on the Pennsylvania Unemployment Compensation system.

“I really appreciate in general your coverage of fraud and consumer fraud issues. It’s a big issue!” Assistant U.S. Attorney Cindy Chung told 11 Investigates’ Angie Moreschi.

In the past month, Channel 11 has done multiple reports about unemployment compensation delays and fraud plaguing the system. In response, we’ve been contacted by more than a hundred people in recent weeks having trouble getting their payments and experiencing potential fraud on their accounts.

“I think that really shows the value of having a story like yours which brings to light this type of activity, because then people can self-identify themselves as victims of these hacks, and that actually does save a lot of work for investigators,” Chung said.

Chung called the Channel 11 reports a public service that is helping to raise awareness about fraud.

“It’s really a service,” Chung said. “So, people can be on the look-out for it, and so people can play defense against it in the future.”

Lack of notification about hacks

Raising awareness about the fraud is important, because, as 11 Investigates learned, the Pennsylvania Department of Labor doesn’t always notify unemployment recipients that their accounts might have been hacked.

Almost two weeks ago, we told you about the efforts of one unemployment recipient named Ryan who was trying to figure out why his unemployment account was frozen. His benefits were delayed, but all he got was a notice saying his account was under audit, no information on why. After repeatedly calling and emailing the Pennsylvania unemployment service center, someone finally admitted his account was breached.

“They said, ‘Oh you’re wone of them Wells Fargo people,” he remembered the customer service agent telling him.

Ryan sent us a screenshot of his account showing how on Nov. 28, 2021, someone using the name Pat McDermott changed his payment type from “debit card” to “direct deposit” into a Wells Fargo bank account that wasn’t his.

Since that story, dozens of others have contacted 11 Investigates, saying their accounts were also hacked, including several with the exact same details as the Wells Fargo change on Ryan’s account.

UC recipient Pete Smock was among those who discovered his account was hacked the same way that Ryan’s was.

“I wouldn’t have known what was going on with my account if it wasn’t for your story,” Smock said.

Michele, who didn’t want us to use her last name, also contacted us. She is concerned that her account could have been part of a mass breach that compromised the personal information of many recipients.

“It struck me that I was not an isolated event,” she said. “The payments were routed to Wells Fargo in the name of Pat McDermott. It’s unbelievable.”

Evolving fraud

Early in the pandemic, the Western Pennsylvania U.S. Attorney’s office charged dozens of prison inmates with opening false unemployment accounts to steal benefits. But Chung told 11 Investigates that unemployment fraud is now evolving.

“In the beginning, you saw a lot of things where people were trying to defraud the government. Now, you’re seeing a new version where people are trying to take benefits from the rightful recipients.”

She says these latest attacks are more sophisticated than just opening fake accounts and could involve foreign actors, as well as domestic.

“The type you recently covered is a different type, where hackers actually illegally access the system, such as the Department of Labor, and then steal account information directly,” Chung explained.

Investigating a breach

11 Investigates has pushed the state for answers about a suspected mass breach for almost two weeks. Last week, L&I told us:

Our investigation is ongoing. A data breach has not been determined. We are working with multiple parties to investigate the scope and potential impact of what we believe to be a sophisticated targeting of the commonwealth’s UC system.-- Erin James, L&I Communications Director

This week, L&I would not provide an update, saying only,

L&I is always actively looking at measures to enhance the security of the UC system, and implementing changes where necessary. The investigation is ongoing and we cannot comment any further. --Alex Peterson, L&I Press Secretary

Among the agencies working with L&I investigating unemployment fraud are the FBI, IRS, Secret Service, Homeland Security and U.S. Attorney’s office.

“People who are able to hack a system, whether it be the Department of Labor or a credit card system, are going to be able to divert funds that should rightfully go elsewhere,” Chung said.

Given the magnitude of the unemployment fraud problem cyber security experts are surprised to learn that Pennsylvania’s $35 million upgrade of its UC system in June 2021 did not include basic fraud prevention technology like multi-factor authentication.

“That, to me is incredibly irresponsible. Not having that tool in place,” LexisNexis CEO of Risk Solutions Haywood Talcove told 11 Investigates. “That tool has been in place for five years, and it’s one of the layers of technology that makes it more challenging for these individuals who are trying to steal from the state of Pennsylvania.”

Last week, L&I announced it would add multi-factor authentication as an added layer of protection but couldn’t tell us when. We followed up this week, but the department said there is no update on when they will do it.

Protecting citizens

Chung agreed that adding multi-factor authentication would be a key factor in helping to protect citizens.

“It’s very important. I mean, the more locks you can put on a system the better,” she said.

Chung also urged Pennsylvania unemployment recipients to be proactive in trying to protect their own accounts by frequently changing their passwords.

“If people are in the system and have not experienced a breach yet, it’s a good idea for them to change their password, so they can play defense,” she said. “This system has already been breached so it’s worth the extra effort to make a long password and a complicated password.”

Contact for DOJ

If you think your account was hacked, the U.S. Attorney’s office told us they would be interested in hearing from you.

Chung’s office provided an email for our viewers to contact the Department of Justice directly, so they can investigate. You can contact the DOJ by sending an email to USAPAW.COVID19@usdoj.gov or calling 1-888-C19-WDPA.

In addition, you can report suspected unemployment fraud by visiting the UC Benefits website and clicking “Report Fraud” at the bottom of the page to complete and submit the Identity Theft Form. You can also report suspected fraud by calling the Pennsylvania Fraud Hotline at 1-800-692-7469.

L&I recommends that individuals who suspect they are the victims of identity theft file a police report with local law enforcement and provide a copy of the police report to the Office of Unemployment Compensation.

The U.S. Department of Labor recommends that victims of identity theft should also report their information to the National Center for Disaster Fraud. Victims should also consider starting a recovery plan with the Federal Trade Commission.