Federal and state unemployment benefit computer systems are technologically “outdated,” which has led to billions of dollars in fraudulent jobless claims being paid out, Virginia Democratic Sen. Mark Warner said Thursday.
“Not only is the [Virginia Employment Commission’s] computer equipment old, this is a problem all across the whole country,” Warner told reporters at a press briefing. “Matter of fact, I know there was a lot of debate early on in COVID, you know, why was there a $600 a week plus-up? Why wasn’t this more tailored to somebody who lost their job, giving them some level of salary replacement? Why wasn’t there more flexibility? The reason was both at the federal Department of Labor and at state unemployment commissions all over the country, our technology is way outdated.
“And one of the things that, frankly, we didn’t do enough of in the COVID CARES relief package is upgrade technology, number one. Number two, this idea of cyber criminals impersonating Virginians. This is not a Virginia-centric problem: The number of states that are experiencing this issue is huge. We have seen enormous amounts of fraud.”
In July, the Department of Labor Inspector General estimated that close to $90 billion was paid in fraudulent or improper unemployment benefits during the pandemic.
Jobless benefit payments ending up in “the hands of foreign cyber criminals” is a “huge issue” that the federal government and states around the nation haven’t done enough to prevent, said Warner, the chairman of the Senate Intelligence Committee.
“There is not even a requirement” currently, he said, “that a state unemployment commission, or for that matter, even a federal agency, if they are hacked into, actually have to report that hacking to CISA, which is the Department of Homeland Security’s cyber center that’s supposed to take care of domestic cyber incidents.”
Warner predicted that a cyber breach incident reporting requirement for states will likely get added to the final Senate version of the National Defense Authorization Act.
“I’m very confident that we will see this at least first step to make sure that the VECs and the others report these cyber incidents, so that law enforcement and cybersecurity professionals across state governments and federal governments can actually act to prevent this,” he said. “One of the things, candidly, we should have done more on in the bipartisan infrastructure bill — our technology systems inside government is part of infrastructure, and candidly, we have not made the kind of investments that we should.”
Warner said federal and state unemployment computer systems should be able to operate as quickly as Amazon.com updates product listings.
“If you can see Amazon change their prices on a minute by minute basis,” shouldn’t government computer systems likewise “have a little bit of security and have a little bit of flexibility to reimburse folks at different levels of income, different amounts of money?” Warner asked. “So far, we’ve not been able to do that. I do think the cyber incident reporting will be a step in the right direction on clamping down on this kind of cyber attack in unemployment systems and across other government agencies. We’re seeing it everywhere.
“We’re seeing it across healthcare systems. I think the SolarWinds hack that got into 18,000 companies, or the Colonial Pipeline hack that ended up having many of our gas stations in Virginia closed down for a number of days, I think, brought that to folks’ attention. We’ve got to act on this now. And again, the good news is I do think we will get the cyber reporting bill to become part of the law of the land before Thanksgiving.”