The Washington Employment Security Department’s fraud detection software was so weak in the early stages of the coronavirus pandemic, it couldn’t even detect fraudulent claims filed in the stolen identities of the agency’s own employees, a KING 5 investigation has confirmed.
“How does our own agency not know that we’re not unemployed? How did our own system not catch it?” said an exasperated employee who confirmed that Employment Security Department (ESD) workers had been the victims of widespread unemployment imposter fraud.
The employee asked not to be identified because they were not authorized to speak on the matter.
KING 5 has repeatedly asked ESD whether its employees were targeted by fraudulent claims.
Earlier in September, an ESD spokesperson confirmed that crime rings had filed claims in the stolen identities of ESD employees.
However, he would not say if the agency was actually duped by those claims and paid unemployment money to the fraudsters.
On Tuesday, ESD Commissioner Suzi Levine appeared to confirm those payments were made during an interview in which KING 5’s Michelle Li asked, “Did your office pay fraudulent claims in the identities of ESD employees? Do you know that answer?”
Levine answered: “I am not going to disclose specific information about specific individuals. But overall, there were fraudulent claims paid in all sectors for individuals whose identities had been previously stolen from breaches… ”
An ESD spokesman did not clarify Levine’s statement afterward and said the agency “did not have the resources at this time” to verify that payments were made on fraudulent claims in the names of ESD employees.
Levine has previously refused to answer whether she personally was a victim of ESD’s imposter fraud.
The agency said that it dialed back automated security measures in the early stages of the COVID-19 pandemic. The goal was to quickly process the record-setting number of unemployment payments that were being filed as businesses shut down due to stay-at-home orders and other factors.
Crane Hassold, the Director of Threat Research for digital security firm Agari, said Nigerian cyber-theft rings locked in on Washington state early because of its generous unemployment benefits and its downgraded security process.
“There were so many people that needed assistance because of the pandemic, because of the rampant unemployment, that a lot of states essentially postponed some of that (employer) validation right away and essentially took claims at face value,” said Hassold.
Initially, losses were estimated at as much at $650 million. However, on Monday, Levine said that more than half of that money was recovered before the fraud rings could pull it out of bank accounts and move the money overseas.