BOISE, Idaho — Editor's note: The Idaho Department of Labor sent KTVB a statement on Thursday afternoon clarifying this was not a hack of the unemployment system, but a case of individual identity theft. Their statement is included at the bottom of this story.
An Idaho woman is sending out a warning to others after her unemployment account was hacked months after she returned to work.
Heather Sprague told KTVB that her bank account information was changed on the Idaho Department of Labor's website when someone tried to get unemployment benefits under her name.
According to Larry Ingram, unemployment insurance compliance bureau chief, the department isn’t seeing more of these cases, but is seeing more claims, in general, this year because of the pandemic.
Sprague was one of the thousands of Idahoans who had to turn to unemployment because of the ongoing pandemic.
“I was temporarily laid off from my job I had at the time because of COVID,” she said.
Sprague was laid off in March and she received unemployment until May.
“That was the last time I received any benefits for this year,” she said.
For months, she hasn't thought about the Department of Labor - or unemployment benefits. On Wednesday morning though, she checked her phone and saw an email.
“I had gotten a standardized response from their website for the Idaho Department of Labor unemployment office saying my payment details had been successfully changed,” she said.
The only problem was that she didn’t make the change. The email told her that if she was the person who made the change then there was no need to be concerned. However, if she wasn’t the one who made the change, the email directed her to call a number.
Sprague went onto the website and saw the change for herself.
“I just was shocked," she said. "You hear about people having to deal with identity theft and you never think it’s going to be you. Then one day you wake up and you're like, okay it’s my turn.”
The information had been changed with the nickname Greendot Checking and an account number and routing number she didn't recognize.
Her biggest concern right now is all the information on her account.
“Unfortunately, when you sign up for unemployment benefits, you have to provide your social security, and all of your personal information,” she said.
Her driver’s license number, birth date, email, phone number and more were all on the website. She reported the information to a credit agency and so far hasn’t seen any suspicious information on any of her accounts.
Since she reported it so quickly the person who changed the info likely won't cash in.
“What we do is we put a lock on the account,” said Ingram, who added that the department is always watching out for this.
“We do have safeguards in place, and we do monitor that type of activity, we look for it,” he said.
Now that this has happened to her, Sprague has advice for others who filed for unemployment this year.
“Definitely go in and check your information and verify your payment information is correct and it’s you,” she said.
She also suggested changing the password to the account and make it a difficult one to break.
At this time, it’s not clear how her account was hacked.
If this ends up happening to you or if you see some suspicious activity, the best thing to do is to either email the department at Fraud@Labor.Idaho.gov or call their fraud line at 877-540-8638.
Idaho Department of Labor's statement sent to KTVB on Thursday:
Idaho’s unemployment insurance system has not been hacked.
We regularly update our unemployment insurance system so it meets the highest security standards possible and we constantly evaluate our practices to make sure we are doing everything possible to protect individual personal information.
The majority of all fraud activity we see is the result of individual identify [sic] theft – not a hack. Stealing someone’s user ID or password is the primary way someone gains unauthorized access to anyone’s record no matter what business a thief steals it from, whether it’s a restaurant, bank or retail outlet.
When a UI Claimant tells us they are a victim of personal identity theft or their identity is stolen, the first thing we do is recommend they review and monitor their credit. We constantly remind them - through emails, tip sheets, blog and social media posts and news releases - to change their passwords regularly, limit their exposure on social media and make sure the websites they visit are legitimate.
Personal identity theft is something that affects millions of people every year. We’ve recently heard examples of identity theft from UI Claimants where they subscribed to a photography site that suffered a data breach. The thief stole individual email addresses, IP and physical addresses, names, phone numbers and passwords from 8 million people.
Watch more 'Local News'
See them all in our YouTube playlist: