Saturday, July 18, 2020

Cybersecurity At Michigan's Unemployment Insurance Agency Wasn't An Afterthought.

It apparently wasn't a thought at all.

The Detroit Free Press: Detroit woman charged in $2M unemployment insurance fraud

A contract employee for the state of Michigan has been charged in a scheme that saw the fraudulent disbursement of more than $2 million in unemployment insurance funding intended to help people during the coronavirus pandemic.

Brandi Hawkins, 39, of Detroit, worked in the state's Unemployment Insurance Agency with duties that included reviewing, processing and verifying the legitimacy of unemployment insurance claims for the state, according to U.S. Attorney Matthew Schneider's office.

Yes, it's hard to protect from insiders, but the real story here isn't that she was caught and terminated it's that after she was terminated they did not shut off her access to the system so she continued the embezzlement remotely:

Hawkins was assigned to work as an unemployment insurance examine in April. She was terminated June 17, according to the complaint.

But the complaint says the state's fraud investigation unit reviewed the audit logs for Hawkins's user account and determined that she continued to remotely access state systems after "her termination and was actively 'discarding' fraud-stops and releasing payment on hundreds of fraudulent claims until early July 2020."

That's a pretty major security fail right there - to the tune of 2 million dollars, plus identity theft costs for everyone who had a fake claim made in their name by this criminal. Expect your UI rates to go up as a result of this incompetence.

2 comments:

Old NFO said...

It's Michigan, I don't expect anything better out of them...

Aaron said...

Old NFO: Sadly you're right. While woke as all get out, the incompetence by our state government is rather staggering.