Cyber Incident Victim: California Employment Development Department
Date:
Sep 2020
Location:
United States of America
Summary
Criminals utilized stolen identities from national and global data breaches to fraudulently collect unemployment benefits through California's Employment Development Department, exploiting expedited payment processes in the federal Pandemic Unemployment Assistance program designed for gig workers and self-employed individuals affected by pandemic-related shutdowns. The department suspended or closed suspected fraudulent claims, halted backdated payments to curb abuse, and collaborated with law enforcement agencies to investigate and prosecute offenders, while some residents erroneously received debit cards and documents intended for others due to the fraudulent activities.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
In September 2020, the California Employment Development Department (EDD) disclosed widespread fraudulent activity targeting its unemployment benefits programs, particularly the federal Pandemic Unemployment Assistance (PUA) initiative established to aid gig workers, self-employed individuals, and small business owners impacted by COVID-19 shutdowns. Criminals utilized stolen identities obtained from prior national and international data breaches to file fraudulent claims, exploiting the expedited payment processes EDD had implemented to accelerate relief distribution. The agency reported that perpetrators specifically leveraged the practice of backdating PUA payments—a measure intended to hasten funds disbursement—to facilitate their schemes. This fraud surge resulted in California residents receiving erroneous EDD correspondence, including debit cards preloaded with benefits intended for unauthorized claimants. One documented case involved a Hayward resident receiving multiple mailings addressed to different individuals, highlighting the scale of identity misuse. EDD acknowledged that while legitimate PUA claims existed, the unusual spike in applications strongly indicated coordinated fraud.
EDD responded by suspending or closing claims flagged as suspicious and collaborating with local, state, and federal law enforcement agencies to investigate and prosecute offenders. The agency halted its backdating procedure for PUA payments to curb further exploitation, acknowledging this decision might delay legitimate claims processing. Public guidance instructed recipients of fraudulent materials to mail them to a designated Sacramento post office box for investigation. EDD emphasized its aggressive stance against the fraud campaigns affecting California and other states but did not disclose specific metrics regarding compromised claims or financial losses. The incident underscored vulnerabilities in emergency relief systems during rapid deployment and the persistent threat of recycled breach data in large-scale financial fraud.