The Department of Labor and Industrial Relations said it is seeing an increase in fraudulent claims connected to the new Pandemic Unemployment Assistance program from organized criminals.
The labor department’s spokesperson said it did not suffer a data breach, hackers are using stolen information that could have been taken from people years ago.
Some viewers reported receiving a letter from the state, in it were details of a person’s eligibility for the PUA program, but the issue is that some of them did not apply for the assistance.
The Hawaii Marketplace Manager for the Better Business Bureau Northwest and Pacific, Roseann Freitas, said hackers could use stolen information from years ago, once they have a person’s address and social security number it is simple to claim for unemployment.
Freitas said, “Somebody filed a claim in that person’s name, the first clue they had either their HR department contacts them to say you’re still employed why did you file, or they receive a letter about their unemployment claim.”
The state’s labor department said it was notified by the U.S. Department of Labor and the Secret Service of organized crime targeting unemployment systems using stolen data.
“They are not sure what data breach it was,” Freitas said. “It could have been the one where Equifax was involved, it could have been any numerous data breaches where you received notice that your information was stolen.”
The letter stating PUA benefits also provides instructions if the activity is fraudulent, the labor department said to follow those instructions.
A statement from a labor department spokesperson said:
“If you receive a letter giving you notice of a Pandemic Unemployment Assistance (PUA) claim, please follow the instructions at the bottom of the letter:
If you did not file a claim for PUA benefits, please go to PUA.HAWAII.GOV and click on the link “Use a Letter ID to Report Identity Theft. You will need to enter the Letter ID and Claim ID found on this notice.”
The U.S. Social Security Administration should also be notified.
Freitas said this is just the start because once a person’s sensitive information such as social security number is out and in use by thieves, people will have to constantly monitor their bank accounts and credit scores for anything out of the norm.
Freitas said, “Go ahead go into all of your accounts, change all of your passwords and go to the credit bureaus, the three big ones, and put a credit freeze on your account so nobody else opens anything.”
Experts also recommend scrubbing social media to remove personal information such as birthday, graduation year, or even hometown, especially if it is the information used in security questions.