COLUMBUS, Ohio — The Ohio Department of Jobs and Family Services acknowledged it has failed to track the number of Ohio workers whose unemployment benefits were stolen — and the amount of taxpayer dollars lost as a result — through so-called account takeovers.
Account takeovers occur when a hacker gains access to an account — in this case, Ohio unemployment accounts — and changes the bank account information so state benefits are delivered to the criminals' accounts.
In an email sent to News 5 last week, ODJFS Communications Director Bill Teets wrote:
"On the account takeovers, unfortunately we don’t have a number.
"Basically, the answer is that our system does not have an identifier that would allow us to aggregate the number of individuals who’ve reported a potential account takeover. Our original response to such calls was to ask the claimant to report the criminal activity to the FBI, then help the individuals reset their PIN so they could regain control of their account."
"I don’t believe them. I believe they’re lying," said State Senator Teresa Fedor (District 11 - D). "I think there’s a lot of smoke blowing going on."
Fedor is a member of the state's Unemployment Compensation Modernization and Improvement Council, which was created to improve Ohio's unemployment system after it was overwhelmed by the unprecedented surge in workers' claims at the start of the pandemic.
"This is a serious, serious issue and they can’t act like it’s something that’s just happening now," Fedor said. "They know their system is weak. It’s not protecting Ohioans...and they’re not protecting their information."
Fedor, who represents Toledo and some of its suburbs, said her office has fielded calls from unemployed workers all over Ohio who said they are the victims of account takeovers. So far, she said she has a list of approximately 60 victims.
"It’s an antiquated, under-invested system that’s causing the vulnerability and for Ohioans to be attacked through identity theft," Fedor said. She said ODJFS should move quickly to reimburse the victims.
"Make our Ohioans whole and fix it," she said. "People cannot afford to wait."
'Shut it down'
Jeff Adams, President, UAW Local 1219, reached out to Fedor after 19 workers he represents reported their unemployment benefits were stolen through account takeovers.
"Imagine, you’re a member and you’re scrounging to get money, you think you’re getting this three-week paycheck and then, all of a sudden, it (ODJFS) says paid and it’s gone," Adam said.
The workers were laid off from the Ford Motor Co. Lima Engine Plant as a result of a global shortage of semiconductors.
"It’s really upsetting that it seems like our governor (Ohio Gov. Mike DeWine) doesn’t care or the lieutenant governor (Lt. Gov Jon Husted)," Adams said. "It’s their job to do this. For me, if I was governor, you just gotta shut it down and figure out what we gotta do, instead of saying ‘Oh well.’ They just let it keep happening."
'A high priority'
During a news conference July 15, ODJFS Director Matt Damschroder announced the state is working on a plan to reimburse the victims.
“We are actively researching ways that we can provide these victims of these schemes with the benefits that they are entitled to," Damschroder said.
However, Damschroder did not provide a timeline for when a system will be in place to allow account takeover victims to apply for reimbursement or specific information about the scope of the cybercrime in Ohio.
When News 5 initially asked about the number of account takeovers in April, former ODJFS spokesman Bret Crow wrote in an email, "We have been notified of about 100 instances where claimants report being affected by this scheme.”
Since then, News 5 repeatedly asked for an updated number of account takeover victims. For weeks, ODJFS spokespeople responded that they were "still gathering" information. Then, on July 13, ODJFS Communications Director Bill Teets sent the email stating ODJFS does not have a number.
Prior to the July 15 announcement, ODJFS was steadfast in its refusal to help account takeover victims. Some victims received letters stating ODJFS would not send them duplicate payments.
'I can't take anymore'
“There should have been security measures in place before, not after this happened," said Denise Williams, a Garfield Heights resident, who said more than $4,000 was stolen from her.
Williams said cybercriminals accessed her Ohio unemployment account and changed her banking information. She said her money was rerouted to an account with Green Dot Bank account.
Williams said the theft of her unemployment benefits couldn't have come at a worse time. She is still grieving the loss of her oldest son, Derrick, who died in January.
“It’s very close to the straw that broke the camel’s back," she said. “This is, just, I can’t take anymore."
Prevent an ATO
ODJFS said there are simple steps you can take to avoid becoming the victim of an account takeover.
Ignore all unsolicited text messages
- Never click on hyperlinks in emails or text messages that look suspicious
- Log in each week to your account and review personal information such as your physical address, email address, and banking information
- Remember ODJFS will not contact you or ask for your username or password
If you are a victim of an ATO:
- Report immediately by calling 833-658-0394. ODJFS will then work with you to verify your identity and provide you with next steps, such as changing your Personal Identification Number (PIN) and reporting the theft to law enforcement.
- Notify your bank
- Alert the three credit bureaus: Equifax, Experian, TransUnion
- Report the fraud to the FBI Internet Crime Complaint Center IC3