Fraudulent Unemployment Claims: Impacts from External Cybersecurity Incidents Such as the Equifax Breach of 2017
Malicious attackers regularly commit unemployment fraud across the United States. Unfortunately, some of the people who they attempt to impersonate are our employees, and we have seen unemployment fraud attempted at UNC. The sources of the data used by these criminals stem from numerous security breaches that have occurred at external organizations outside of UNC at Chapel Hill. There are various steps that can be taken to help prevent unemployment fraud, and to protect your personal finances as well.
Our teams at UNC have examined systems, networks, related logs and find no indications nor evidence that any sensitive and personally identifiable information (PII) has been stolen from our systems by outside sources. Unfortunately, numerous other organizations have experienced significant security incidents, resulting in breached data that is being used for fraud that involves the identities of certain UNC employees.
This video highlights the trend of unemployment abuse:
Sensitive and Personal Data Stolen: Breaches Such as Equifax
The data stolen during the Equifax breach is actively being used by attackers, and has been since 2017, to commit a wide range of fraud and theft. We are also aware of specific irregularities that were unique to the data that was stolen. COVID-19 has further expanded the use of this stolen data and provides additional opportunities for criminals to commit fraud. Attackers have been reusing the same distinctive data from that specific incident to commit a wide variety of financial fraud. This is a nationwide problem that unfortunately impacts some UNC employees who were included in the data that was stolen during this significant and adverse cybersecurity incident.
- New York: More than 425,000 fraudulent unemployment claims have been identified since March of 2020 (New York Department of Labor/DOL)
- Washington: Lost more than $600 million in fraudulent claims in 2020 (National Law Review)
- Ohio: More than 25% of claims filed in February of 2021 were flagged for fraud (ODJFS)
General Guidance and Reducing Risk
- Avoid interacting with and report any suspicious email and phone calls. Contact your HR consultant immediately if you receive a message or phone call related to surprising unemployment claims. If you suspect an information security incident, call 962-HELP.
- HR review of all unemployment claims involving UNC employees
- Utilize the fraud prevention and monitoring tools provided by credit agencies, enable additional security measures (such as required pins) for all primary credit agencies:
- UNC’s Safecomputing Website
- U.S. Department of Labor (DOL) – Fraud prevention resources and guidance
- NC Department of Employment Securities (DES), guidance and forms for reporting fraud
- Report unemployment fraud from the DES website, as shown below.