AUSTIN (KXAN) – Texas is under attack. So is nearly every other state in the union. The assault is silent and those hit don’t know they’re hit until it’s too late.

“My husband received two different notifications from the Texas Workforce Commission informing him that he had applied for unemployment insurance,” Lisa Martin said, holding the tri-folded notification letters.

There was one problem: Miller’s husband isn’t unemployed. He’s worked for the Texas Department of Transportation for years.

The TWC letter shows Miller was set to receive $535 weekly with a total eligibility of up to $13,910. Someone, somewhere, stole her husband’s personal identifying information – including his social security number – and filed a claim.

The state caught the fraud in one of its basic fraud checks. The TWC sent notification letters to the Martins and to TxDOT. Both were able to notify the TWC of the fraudulent claim immediately.

“I kind of credit his employer, who is TxDOT, with quickly notifying the Texas Workforce Commission and hopefully stopping things before they’ve gone too far,” Martin told KXAN. “And, I know that when my husband spoke with people in the human resources department, some of those people themselves had just had their information taken. So, they were quite familiar with this.”

Since January, TxDOT said it received 529 fraudulent unemployment claims filed using stolen identities of employed TxDOT workers. The Martins also received a letter from the TWC confirming the unemployment application was an act of fraud.

The Martins have placed locks and monitoring on their digital identities and filed a report with the Austin Police Department.

“We haven’t been contacted by anyone. We have a report, number, a summary incident report with the Austin Police Department. They wanted to know whether we knew who had committed this fraud, and of course, we don’t,” Martin told KXAN investigator Jody Barr.

“Do you have any confidence that the person or people who did this to you all will ever be caught?” Barr asked.

“No. Not at all,” Martin replied.

Since March 2020, the TWC’s received 5.1 million unemployment claims with an average of 81,000 claims each week. In May, the TWC told KXAN the agency received 737,000 “suspicious claims,” meaning ones the agency suspects were fraudulent.

Between March 2020 and May 2021, the TWC reports losing $893.5 million in payments to fraudulent unemployment applications.

$893 million ‘is what they know about’

To figure out how this happened and why the state’s identity theft prevention systems allowed the nearly $1 billion theft to occur, we decided to interview the man who helped develop and perfect the systems cybercriminals around the world used to steal nearly $1 trillion from the nation’s unemployment system since last March.

Convicted of 39 felonies, Brett Johnson was dubbed the “Original Internet Godfather” by federal investigators.  

“So when you tell me $893 million, I’ll tell you that’s what they know about. I want to say it’s double, maybe triple that just in the state of Texas,” Johnson estimated.

Johnson, once a U.S. Secret Service “Most Wanted” fugitive, served seven years in Texas federal prisons for helping to steal identities to commit fraud. He was one of 28 cybercriminals busted in a 2004 federal investigation known as “Operation Anglerphish.” Johnson helped found ShadowCrew, the precursor to today’s Dark Web.

Johnson, now reformed, works as a consultant for the federal government and private corporations to help fight the crime he helped perfect.  

Johnson estimates his thefts totaled $7 million between 1998 and 2006.

“I was very fortunate that I was given the opportunity through the FBI, and with the help of my wife and sister, I found that reformation. I was given a chance to use all the knowledge I’ve got to help people instead of hurt people,” Johnson told KXAN.

The TWC reported 1,142 fraud claims in all of 2019. Amid the pandemic, between March 2020 and August 2020, the TWC saw its 2019 fraud claim numbers triple to 3,500. Between September 2020 and May 2021, the TWC reported 735,000 fraud claims and a loss of nearly $1 billion.

“These numbers continue to explode. And, the reason why is that cybercrime is not rocket science. It does not take a genius to commit these types of crimes,” Johnson said.

Story continues below…

All a criminal needs is what’s known as Personally Identifiable Information, or PII — your name, address, birth date, email address, banking information — anything that can be used to take on a victim’s identity.

Criminals, seeing the trillions of dollars flowing into the nation’s unemployment agencies, went on the attack.

“The pandemic shut down the economy in six weeks. They knew if they didn’t get money out quickly, that the — that the whole thing was going to go belly up. So, they put these stimulus programs in place. But guess what? They didn’t put any security in place. And, I mean, no security, no controls in place at all,” Johnson said.

A chief executive with Lexis Nexus, a private identity theft company, said his company’s review of U.S. unemployment systems puts it at a level to be considered a national security threat.

“Transnational criminal groups, primarily from Russia, Nigeria, and China, took advantage of the fact that the unemployment insurance systems in this country were more focused on program integrity, and not focused on imposter fraud,” said Haywood Talcove, who heads Lexis Nexis’ government division.

“There hasn’t been a state in the country that we’ve looked at, that hasn’t seen fraud rates between 35 and 40%,” Talcove said. Typical fraud rates hover between 8% and 10%, according to Talcove.

Talcove considers Texas’ fraud to be a “complete lack of planning” spread between the nation’s government internet technology departments and unemployment agencies.  

“Now, in their defense, I don’t think they ever would have suspected that transnational criminal groups would have infiltrated the system at this scale,” Talcove said, citing a U.S. Department of Labor statistic.

‘Super Bowl for Fraudsters’

The Texas Workforce Commission said it could have stopped nearly all of the $893.5 million in fraud payments that ended up in the hands of identity thieves. But, doing so would have created massive delays in unemployment payments to those who truly needed them.

“If we had a system that was ironclad that stopped all fraud, it would slow the system down so that those folks that you were talking about who are struggling to get by and could be losing their houses, their payments might be delayed by weeks and months,” James Bernsen, the TWC’s Director of Communications, told KXAN.

TWC figures show the agency went from an average of 7,000 monthly unemployment claims to 1.3 million claims during the first month of the state’s shutdown in 2020. The state’s priority was to pay the avalanche of claims while trying to identify and fight the fraud within those claims.

“You really have two things that you’re trying to do in an unemployment system: you’re trying to pay out benefits quickly, and you’re trying to stop fraud,” Bernsen said.

Bernsen said the TWC didn’t initially notice its 2019 total fraud claim numbers had tripled between March and August. Agency records show 1,142 claims in all of 2019. By August 2020, that number for the year grew to 3,500.

“With 3,500, even that number is really manageable with the staff and the processes we had in place. That was about the time though, when we saw, like I said, that this didn’t just start off, you know, day one, zero to 60. It started slowly, gradually increasing. And, as we saw that we started looking at the need for this, and the need of putting in a dedicated system for this,” Bernsen said.

The agency’s basic theft protections were in place from the start.

Once an unemployment claim’s filed, the TWC sends notification letters to both the applicant and employer. At that point, either side would know whether the claim is authentic and can notify the TWC if it is not. The agency said it has other internal fraud prevention processes in place but would not explain what those are.

KXAN filed an open records request with the TWC, asking for records showing whether the agency implemented additional identity theft prevention into the system after the pandemic hit.

“This is the Super Bowl for fraudsters. They want to try to get access to all this money, this money that’s available in all the states in America. And we’ve seen that and we stopped it in a lot of cases,” Bernsen said.

On Oct. 30, the TWC signed a $1.7 million contract with ID.me, a private company that specializes in identity verification. Part of what the company uses to ensure the person filing the claim is actually the claimant are government documents like a driver license and has claimants upload selfies.

But, the TWC said ID.me was not intended to catch fraud — only to verify a claimant once fraud was detected in an account.

“So it’s not the fraud that precipitated the need for ID.me, but the need to clear the fraud holds,” Bernsen told KXAN.

That system didn’t go into place until November 20, 2020, eight months into the pandemic.

“Obviously, we’d like to have brought that in as quick as possible, and anticipatory. But, again, these were issues that really no state had ever seen before. And, so, we brought it in as soon as we determined that this was an important need. And we started working to put that system in place,” Bernsen told KXAN.

The TWC reported $49.2 billion in unemployment benefits paid to 8.1 million Texans since mid-March 2020. The agency reported “preventing” $9.4 billion in fraud claims during that time, but $893 million was paid out to suspected fraud claims.

Story continues below …

Despite losing nearly $1 billion to fraudsters, Bernsen said the TWC is doing “very well” in its fraud prevention. Bernsen pointed to California’s unemployment system that lost $400 million to fraud after identity thieves used prisoner PII to claim benefits.

“We don’t even have that issue because we check our claims against our prisoner database. The total California UI fraud is $11 billion (LA Times source for both), which is more than 12 times more than the total Texas fraud identified,” Bernsen wrote to KXAN in a response to our request for an interview with Gov. Greg Abbott for this report.

Abbott told FOX News earlier this week he plans to end Texas’ extended unemployment benefits. Part of his reason was the governor said businesses were concerned “about a lack of availability of a workforce” and the state had more job openings than people on unemployment.

Abbott also cited a TWC figure that 18% of all Texas’ pandemic unemployment claims were fraudulent. The figure aligns with the same statistics the TWC provided KXAN.

“So, we need to get people off of the unemployment line and get them back into the workforce so they can be earning a paycheck,” Abbott said in the FOX News broadcast.

The governor appoints each of the three TWC commissioners.

Abbott did not respond to KXAN’s request for an interview, but his office sent the TWC our request for response. Abbott’s office had not responded to any request from KXAN to be interviewed on this topic since our investigations into the TWC started in 2020.

Senior Investigative Producer David Barer, Investigative Photographer Ben Friberg, Graphic Artist Rachel Garza, Director of Investigations & Innovation Josh Hinkle, Digital Executive Producer Kate Winkle and Graphic Artist Jeremy Wright contributed to this report.