Elena Moreno was shocked to get her Bank of America card in the mail. She's been retired for 12 years. "I have nothing to do with DES or unemployment," Moreno says.
Holly Barnes never applied for unemployment insurance. But she, too, got a card with her name on it. "I'm thinking, ‘did my job lay me off and I don't know about it?’" That didn't happen.
More than 400 people now tell us they didn't apply, but also got debit cards and some with more than $8,000 in the account. The Department of Economic Security (DES) told us the protocol changed, and the cards continue to be sent out.
Moreno, Barnes and many others told us they just got those cards in August. We asked DES why this has continued.
In an email, DES stated, "if an individual files a claim and their payment selection is for a debit card, there isn't a way for us to prevent the card from being mailed, even if that claim is fraudulent. If the debit card is being issued as a result of incorrect banking information, this debit card will be empty of funds. We continue to improve our program integrity measures to prevent payment on fraudulent claims, and we will continue to recoup funds issued for claims that have been filed fraudulently."
The Arizona Attorney General's office claims since June, they've, "received more than 1,000 complaints related to unemployment insurance fraud."
Tom Hannon says he also received a card recently but never applied for unemployment. Hannon says he doesn't know where scammers may have gotten his information to set up an account. He does know that he was a victim in that huge Equifax data breach three years ago. Other victims told us they, too, know their information was taken in that breach. DES didn’t comment about an Equifax breach connection or any other possibility.
The Attorney General's office told ABC15, "our investigation is ongoing and it wouldn't be appropriate for us to comment on what we've found so far. It is possible that people's information from data breaches could be used to make fraudulent DES claims. However, to specifically say there is one data breach in particular wouldn't be accurate. Data breaches happen all the time and bad actors often sell the information on the black market. "
The Attorney General's Office also advises that if you received a card and never applied for it you should follow these steps:
- Immediately contact your bank and/or credit card company and request a new card.
- Review and scrutinize debit and credit card transactions.
- Request a free credit report from the three credit reporting agencies (Equifax, Experian and TransUnion) to check for any unauthorized accounts and charges. Consumers should continue to monitor credit reports.
- Consider implementing a security freeze
- Change all your passwords and security questions and answers for any online accounts.
- Use strong passwords. A password should be at least 8 characters long, unique to each account, and contain upper- and lower-case letters, symbols, and numbers.
- Be cautious of unsolicited emails, texts or phone calls asking for personal information.
- Do not click links or downloading attachments in unknown or unsolicited emails or texts.
- Sign up for two-step email verification which requires a password and another step to verify your identity.
- Keep your financial information to yourself. Never give out credit card, checking or savings account information to anyone who calls you. Call the company yourself to make sure the inquiry is valid.