Boise woman says someone broke into her unemployment account, saw Social Security number
A Boise woman who went on unemployment after the pandemic struck says someone broke into her account at the Idaho Department of Labor this week and may have stolen her Social Security number and other personal data.
She warns that other account holders could be at risk as well. But the state denies its system was hacked.
Heather Sprague, who lives in West Boise, said someone changed the bank account name, and routing and account number, in her account. Later, a fraudulent claim for unemployment compensation was filed in her name. The intruder was able to see personal information including her address, phone number, date of birth, driver’s license number and Social Security number, she said.
She learned about the incident when Idaho Labor sent her an automated email saying that she had changed some information in her account. The email said no action was necessary if she had made the changes, but that she should call if she did not.
When she called, Sprague said, a representative told her that someone had already submitted a claim for payment. The representative canceled the claim and flagged the account internally for fraudulent activity.
Sprague said a second Idaho Labor representative told her that a similar incident happened to another claimant on Tuesday.
“I was bummed that they hadn’t let people know that this is happening,” Sprague said by phone. “Anyone who’s ever filed for unemployment could be hacked at this point.”
Sprague said she does not use her Idaho Labor log-in information anywhere else, so she believes the department’s website must have been hacked. Idaho Labor declined to discuss Sprague’s situation but insisted that its unemployment insurance system had not been hacked.
“The majority of all fraud activity we see is the result of individual identify theft – not a hack,” spokesperson Georgia Smith said by email. “Stealing someone’s user ID or password is the primary way someone gains unauthorized access to anyone’s record no matter what business a thief steals it from, whether it’s a restaurant, bank or retail outlet.”
Larry Ingram, the chief of Idaho Labor’s Unemployment Insurance Compliance Bureau, said fraud cases are referred to federal investigators. “We dive very deep into this,” he said by phone. “We try to stop this type of activity.”
Sprague, a graphic designer, said she worked in the marketing department of Western Power Sports, a Boise distributor of parts for motorcycles, snowmobiles, ATVs and power boats, when she was furloughed in early March. She drew unemployment payments weekly until her furlough ended in May.
The incident has created hassles for Sprague. She said she went to her bank immediately to close her account and open a new one. She called the four main credit bureaus to place fraud alerts. She is looking into buying Lifelock or another identity-theft protection account. She must tell creditors, such as her student-loan servicer, of her new account information.
And then she must wait, and watch, to see whether these steps have been enough.
“It has caused a lot of stress, not knowing where my Social Security number is or who’s seen it, who has it,” she said.
Sprague said she is lucky that whoever got into her account did not lock her out of it or change her email preferences, or she would not have received Idaho Labor’s automated email. Other Idahoans might not be so lucky, she said.
“Everybody’s Social (Security number) is fully exposed in their profile, so if somebody hacks, they have everything they need to steal your identity,” she said. “Everything is totally viewable.”
Smith, the spokesperson, said the department advises people who say they are victims of personal identity theft to sign up for credit monitoring.
“We constantly remind them — through emails, tip sheets, blog and social media posts and news releases — to change their passwords regularly, limit their exposure on social media and make sure the websites they visit are legitimate.
“Personal identity theft is something that affects millions of people every year. We’ve recently heard examples of identity theft from UI claimants where they subscribed to a photography site that suffered a data breach. The thief stole individual email addresses, IP and physical addresses, names, phone numbers and passwords from 8 million people.
“We regularly update our unemployment insurance system so it meets the highest security standards possible, and we constantly evaluate our practices to make sure we are doing everything possible to protect individual personal information.”
This story was originally published December 17, 2020 at 4:13 PM.
