Public sector agencies face increased identity fraud risk after 22 million Americans had personally identifiable information (PII) exposed in data breaches in Q4 2022.1 As stolen PII becomes more easily attainable, criminals can use identity and employment information to defraud government programs and systems like unemployment insurance (UI).
Stolen identity was the cyber threat 62% of consumers were most concerned may personally affect them, according to TransUnion’s Consumer Pulse Report.2 And in Q4 2022, 321 high-risk* data breaches were reported.3
Despite lower breach activity compared to Q3, a TransUnion analysis uncovered heightened risk due to a larger volume of exposed identity information, including government-issued documents like driver’s licenses, passports and Social Security numbers4 — any of which can lead to future fraud targeting UI programs.
TransUnion data demonstrates risk specifically for government document fraud has grown significantly since early 2020 and remains roughly 19% above a Q1 2020 baseline .6 Criminals may have access to up to 1.4 million identities that may be used to gain payouts from government services or acquire government-issued IDs for other fraud schemes.7
Identity theft resulting from data breaches and other cyber threats poses significant risk to state workforce organizations. To mitigate potential fraud, workforce agencies can implement a three-phased approach:
$140 million in grants was provided by the Department of Labor to help states improve fraud prevention — part of the $1.9 trillion funds authorized by the American Rescue Plan Act of 2021. The federal government also deployed so-called “tiger teams,” or groups of experts across fields, including fraud and engineering, through a deal with TransUnion and other firms to better verify the identities of unemployment insurance applicants and pinpoint suspicious data.8
A greater understanding of potential risk can better position workforce agencies striving to protect against and mitigate fraud. Learn the most significant areas of risk from data breaches, the potential impact identity theft has on your agency and possible mitigation strategies.
1, 3, 4, 6, 7 Public Sector Breach Intelligence Dashboard, TransUnion, Mar. 2023
2 Consumer Pulse Report, TransUnion, Q4 2022
5 Potentially Fraudulent Unemployment Insurance Payments in High-Risk Areas Increased to $45.6 Billion, U.S. Department of Labor, Office of Inspector General, Sept. 2022
Using data from Sontiq, a TransUnion company, the Public Sector Data Breach Risk Severity Index is derived using Sontiq’s BreachIQ algorithm which evaluates identity crimes that could result from exposed PII. Each breach is assigned a risk score of 1 to 10 based on the level of risk created for the victim across these fraud types. The Public Sector Data Breach Risk Severity Index uses an average Sontiq BreachIQTM scores where stolen identity credentials had the potential to be used to further fraud in public sector categories. All calculations herein are based on the date a breach was reported. For more information on methodology, download TransUnion’s Public Sector Breach Intelligence Dashboard.
*High-risk breach: A breach where a given category is in the top five harms associated, as determined by the BreachIQ algorithm.