HARRISBURG, Pa. (WHTM) — Pennsylvania’s Department of Labor and Industry (L&I) said Friday it will provide unemployment compensation (UC) claimants free credit monitoring and confirmed it has “been coordinating with relevant federal partners on the investigation” into the hacking of the UC system.
“We actually refer to it as bank hijacking,” Secretary of Labor and Industry Jennifer Berrier told abc27 News in her first interview after the revelation.
In a release earlier to media, the department said it “is taking precautionary steps to protect claimants even though there has been no confirmed data breach.”
The distinction between the acknowledged hacking and a “data breach” — which Berrier reiterated the department doesn’t believe has happened — is important. Berrier said she couldn’t quantify the illegal activity, but she described “a significant intrusion” into the system dating back to October. But although the hackers have clearly stolen money from unemployment recipients, Berrier said L&I doesn’t believe the hackers have stolen personal information from those recipients.
For the first time, the department said its investigation focused on “unusual account changes” within the unemployment system. Berrier confirmed these are the direct-deposit bank account changes previously reported by abc27 News. “Bank account information has been changed for UC claimants,” she said.
Get daily news, weather, breaking news and alerts straight to your inbox! Sign up for the abc27 newsletters here.
In early January, the department confirmed attempts by fraudsters to steal unemployment checks from legitimate recipients by siphoning their funds into fraudulent bank accounts. The confirmation followed reports by abc27 News that unemployment recipients stopped receiving their checks, and that L&I telephone agents told they were among numerous Pennsylvanians whose direct-deposit banking information had been changed.
Cybersecurity experts said multi-factor authentication, or MFA, such as requiring a claimant to enter a code texted to a cell phone before changing banking information, could have prevented the apparent hacks. The company that sold the state its new unemployment system said the system is capable of MFA, but unlike other states, Pennsylvania didn’t turn it on.
“We are committed to getting to the bottom of this and working with investigators to hold those accountable who have been stealing these funds from individuals who desperately need this money,” Berrier said.
One claimant said his unemployment checks had been redirected to a San Francisco-based online bank.
“These fraudsters have been able to divert UC payments from legitimate claimants to illigitimate bank accounts,” Berrier confirmed.
In its release, L&I said, “claimants will have the opportunity to register for these free credit-monitoring services in the near future and additional information about how to register is forthcoming.”
It said claimants can report fraud by calling the PA Fraud Hotline at 1-800-692-7469.
“The Commonwealth continues to work with federal law enforcement and other agencies to investigate the sophisticated attacks on our system,” the release quoted L&I Secretary Jennifer Berrier as saying. “While an investigation into the cause of disruptions within accounts is ongoing, we want to protect Pennsylvanians from further harm by proactively providing free credit monitoring. We remain committed to working with law enforcement to prevent criminals from stealing public money and to catch those behind it.”