Pa. schools, unemployment recipients the victims of data breaches, scams

Pennsylvania finds itself in the top 10 of two new rankings — but its high status could mean your data confidentiality is at a higher risk of being breached than most other Americans.

A new report found Pennsylvania ranks 10th nationwide in most data breaches at K-12 schools and finished in fourth place for the most data breaches at post-secondary schools.  

The report was compiled  by Comparitech, a consumer site providing information, tools, research and comparison studies for tech products and services. The study analyzed data going back to 2005. 

Pennsylvania schools have been hit by 52 data breaches since 2005 affecting more than 280,000 records. About 4 in 10 colleges in the Keystone State have experienced a breach. U.S schools overall, have leaked 24.5 million records in more than 1,300 data breaches since 2005, the report found.

The most common type of breach was a “hacking incident,” which was the cause for about 43 percent of all breaches. Unintentional disclosures by the institution, such as accidentally including personal information in an email, are responsible for about a quarter of all data breaches. 

Public schools accounted for 78 percent of all data breaches at educational institutions in the U.S. And the report found that “a vast number” of school-related breaches “affected an entire school district rather than a single school.”

The report notes that, while all 50 states currently have data breach notification laws, these laws may have been implemented throughout the course of the 15-year study, meaning some breaches may not have been reported.

 In 2018, the U.S. Department of Education began requiring colleges and universities to report any breach regardless of the number of records lost. 

The report on data breaches comes about a month after the Pennsylvania Department of Labor and Industry announced an unemployment scam had struck up to 58,000 Pennsylvanians in late May. While the department remains tight-lipped about whether additional Pennsylvanians have been targeted since then and the status of the criminal investigation, the perpetrators had targeted the Pandemic Unemployment Assistance Program. 

Now, as a result of the scam, PUA claimants will receive their benefits through a debit card. The move is also expected to save taxpayers $1 million per month, according to state Treasurer Joe Torsella.

Theresa Elliott, a spokesperson for the department, said L&I is “still working with state and federal partners” to investigate certain PUA claims to verify their authenticity.

The scam is particularly devastating as Pennsylvania has seen more than 2.2 million new unemployment claims since March 15, when the pandemic forced businesses to shutter and stay-at-home orders were implemented. Valid claimants waited for their benefits while individuals who had not filed for unemployment were receiving checks. 

The state’s unemployment rate in May stood at 13.1 percent, up from 5.8 percent just in March, according to the U.S. Bureau of Labor Statistics.  

The scam was part of a multi-state scheme to steal people’s identities, fraudulently file for PUA and then route the money to their own bank accounts or intercept paper checks. 

Individuals, including one state lawmaker, reported receiving erroneous unemployment checks they had not actually applied for. L&I Secretary Jerry Oleksiak confirmed none of the department’s own internal systems were compromised and the identities had been stolen prior to the start of the pandemic. 

The Secret Service was involved in stopping the scam and said in a bulletin a “well-organized” Nigerian fraud ring was “exploiting” the health crisis for their own gain. They estimate losses in the hundreds of millions and have seen evidence of the fraud scam in North Carolina, Oklahoma, Wyoming, Massachusetts, Rhode Island, Washington and Florida.

Though L&I officials said they were aware of the fraud scheme in mid May, particularly in Washington, they said the department “immediately took action” when its anti-fraud division became aware of fraud attempts in Pennsylvania over Memorial Day weekend.

“Criminals will use stolen personally identifiable information to file fraudulent state unemployment claims,” according to a Secret Service spokesperson. “Crooks will then use social engineering techniques to recruit unsuspecting individuals to launder illicitly obtained funds in order to conceal the identity, source and destination.”

The fraudsters were going after first responders, school employees, and government personnel, according to the Secret Service.

Jordan Wolman, a student at Lehigh University, is a summer intern for the Pennsylvania Legislative Correspondents Association.