Cybercriminals Now Targeting Unemployment Benefit Claims

Unemployment benefit claims remain nearly four times higher than this time last year, and cybercriminals are taking advantage of this surge.

This week, news broke that an estimated 1.4 million Washington state residents who filed unemployment benefit claims had their Social Security numbers (SSNs), driver’s license numbers, bank account numbers and employment information stolen.

The Office of the Washington State Auditor (SAO) said it suffered the data breach after a threat actor exploited a vulnerability in a Accellion secure file transfer service. The exposed unemployment benefit claims were in data files from the Employment Security Department (ESD) and contain sensitive personal information of Washington residents.

Some 10.7 million Americans were out of work as of December. With unemployment benefit claims at record highs, it’s never been more important for government agencies to heighten the protection of their programs and their users.

Justin Fox is director of software engineering at NuData Security, a Mastercard company. They said there have been other cyber incidents involving unemployment benefit claims.

NuData Security’s Justin Fox

“The Canadian Revenue Agency had several issues earlier this year due to COVID-19-related benefit administration,” they said. “There was also the SolarWinds hack, which is a third-party solution [for] many organizations that mirrors the traits in this breach.”

Every affected resident who filed unemployment benefit claims will need to step up their diligence and be on the lookout for fraudulent activity on their accounts and credit reports, Fox said.

“Attackers will often leverage data acquired from a data breach to create new accounts, initiate free-trial fraud or break into existing accounts,” they said.

COVID-19 benefits are proving more alluring for cybercriminals, Fox said.

“Basic security hygiene is a key prevention tactic for most breaches, but was not the focus in this breach,” they said. “Compliance with enterprise standards like NIST 800-53 would be beneficial. Ensuring vendors are compliant would help for this specific breach.”

Purandar Das is CEO and co-founder of Sotero Software.

Sotero Softwares Purandar Das

“Data sharing, by organizations, is one of the key areas of vulnerability,” he said. “This activity is an area that will be targeted more and more by hackers. Organizations have relied on secure data transfer – meaning the data is protected in transmission – as being sufficient. This is no longer true. Even if the data is secure during transmission, the underlying data is in clear text. True and complete data protection has to be built from the ground up. Regardless that the data is being transmitted over a secure channel, data security must start at the source. The data should be protected (encrypted) all the time, even in use. This is a huge part of protecting data and information.”

Das said the damage from a breach involving unemployment benefit claims is multifold:

• Immediate loss of trust.
• Financial exposure for the affected individuals.
• Losses for the government through fraud leveraging the credentials.
• Financial and legal liabilities from fines and legal actions.
• Long-term impact on other platforms as data is co-mingled with other stolen and publicly available information.
• Financial impact of replacing or reissuing lost credentials and recreating artifacts

“Credit card companies discovered this a long time ago,” Das said. “Hence the reason why credit card information is never transmitted to the retailer. The card companies encrypt it and don’t transmit or share the information. Unfortunately the same mechanism does not work for everyone. The transmitted data needs to be available for use and analysis. Adopting newer technologies that enable the use of encrypted data by the proper parties coupled with multi-party key ownership for authentication is one way to eliminate data loss during transmission.”

MSSPs and other cybersecurity providers can help by assessing the threat posed by third-party tools, he said. They can also maintain control and security of data when data is outside the organization.

In addition, they can eliminate the need to …